4 matches found
CVE-2025-41714
CVE-2025-41714 affects the Welotec SmartEMS Web Application (SmartEMS Upload Handling). The issue is in the upload endpoint where the Upload-Key header is not adequately validated, allowing path traversal sequences to cause upload-related artifacts to be created outside the intended storage locat...
CVE-2025-41714 Path Traversal via 'Upload-Key' in SmartEMS Upload Handling
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...
CVE-2025-41714 Path Traversal via 'Upload-Key' in SmartEMS Upload Handling
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts outside the intended storage location. In certain configurations this enables arbitrary file write...
Welotec SmartEMS Web Application 路径遍历漏洞
Welotec SmartEMS Web Application is a web-based application with energy management and monitoring capabilities from Welotec, Germany. A path traversal vulnerability exists in the Welotec SmartEMS Web Application, which stems from insufficient validation of the upload endpoint and could lead to...