21 matches found
CVE-2026-22789
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
CVE-2026-22788
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22789
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
CVE-2026-22789 WebErpMesv2 has a File Upload Validation Bypass Leading to RCE
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
CVE-2026-22789 WebErpMesv2 has a File Upload Validation Bypass Leading to RCE
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
EUVD-2026-1998
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
CVE-2026-22789
WebErpMesv2 prior to version 1.19 contains a file upload validation bypass in multiple controllers that allows authenticated users to upload arbitrary files (including PHP scripts), leading to Remote Code Execution. The vulnerability is described as identical to CVE-2025-52130 but in different co...
CVE-2026-22789 WebErpMesv2 has a File Upload Validation Bypass Leading to RCE
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote...
CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
CVE-2026-22788 WebErpMesv2 allows unauthenticated API Access
WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies,...
PT-2026-2307
Name of the Vulnerable Software and Affected Versions WebErpMesv2 versions prior to 1.19 Description The WebErpMesv2 application lacks authentication middleware for multiple sensitive API endpoints. This allows an unauthenticated remote attacker to read business-critical data, including companies...
WebErpMesv2 访问控制错误漏洞
WebErpMesv2 is an industry-oriented web system for resource management and manufacturing by Kevin Personal Developer. An Access Control Error vulnerability exists in WebErpMesv2 versions prior to 1.19 that stems from multiple sensitive API endpoints that do not utilize authentication middleware,...
PT-2026-2308
Name of the Vulnerable Software and Affected Versions WebErpMesv2 versions prior to 1.19 Description WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Versions prior to 1.19 contain a file upload validation bypass in multiple controllers. This allows...
EUVD-2025-25746
Malicious code in bioql PyPI...
CVE-2025-52130
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution RC...
CVE-2025-52130
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution RC...
CVE-2025-52130
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution RC...
WebErpMesv2 安全漏洞
WebErpMesv2 is an industry-oriented web system for resource management and manufacturing by Kevin Personal Developer. A security vulnerability exists in WebErpMesv2 version 1.17, which stems from a flaw in the FactoryController.php controller file upload function that could lead to remote code...
PT-2025-34700
Name of the Vulnerable Software and Affected Versions: WebErpMesv2 version 1.17 Description: A file upload vulnerability exists in the app/Http/Controllers/FactoryController.php controller. An authenticated attacker can upload arbitrary files, including PHP scripts. These files are accessible via...