CVE-2024-13984 Qi'anxin TianQing Management Center rptsvr Arbitrary File Upload

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename paramete...