CVE-2025-13282

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

CVE-2025-13282

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

CVE-2025-13282

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

EUVD-2025-197759

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVE-2025-13283 Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Copy and Paste

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVE-2025-13283 Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Copy and Paste

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVE-2025-13282 Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Delete

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

CVE-2025-13282

TenderDocTransfer (Chunghwa Telecom) exposes a combination of flaws: (1) an Absolute Path Traversal within one API that could allow deletion of arbitrary files on the user’s system, and (2) APIs with no CSRF protection, enabling unauthenticated remote attackers to trigger actions via phishing. Th...

CVE-2025-13282 Chunghwa Telecom｜TenderDocTransfer - Arbitrary File Delete

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use thes...

PT-2025-47110

Name of the Vulnerable Software and Affected Versions TenderDocTransfer affected versions not specified Description TenderDocTransfer, developed by Chunghwa Telecom, has an issue that allows for arbitrary file deletion. The application establishes a local web server and offers APIs for...

Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...

Chunghwa Telecom TenderDocTransfer 跨站请求伪造漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. Chunghwa Telecom TenderDocTransfer suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF protection in the API and the presence of absolute path traversal, which could lead to an...

CVE-2024-12642

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

CVE-2024-12641

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use...

CVE-2024-12641

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use...

CVE-2024-12642 Chunghwa Telecom TenderDocTransfer - Arbitrary File Write

TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs...

Chunghwa Telecom TenderDocTransfer 跨站脚本漏洞

Chunghwa Telecom TenderDocTransfer is an application from Chunghwa Telecom China. A cross-site scripting vulnerability exists in Chunghwa Telecom TenderDocTransfer versions 0.41.151 through 0.41.156, which stems from susceptibility to reflective cross-site scripting attacks and a lack of CSRF...

PT-2024-17686 · Chunghwa Telecom · Tenderdoctransfer

Name of the Vulnerable Software and Affected Versions: TenderDocTransfer from Chunghwa Telecom affected versions not specified Description: The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the API...