2 matches found
CVE-2024-13984
QiAnXin TianQing Management Center affected versions up to 6.7.0.4130 contain a path traversal flaw in the rptsvr/upload endpoint. The filename in multipart form-data requests isn’t properly sanitized, enabling unauthenticated attackers to upload files to arbitrary locations on the server, potent...
VulnCheck KEV: CVE-2024-13984
QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename...