4 matches found
CVE-2026-2684
CVE-2026-2684 affects the Tsinghua Unigroup Electronic Archives System (up to 3.2.210802[62532]). The vulnerability resides in an unknown function handling the file upload at /Archive/ErecordManage/uploadFile.html, where manipulating the argument File enables an unrestricted upload. This can be e...
CVE-2026-2672
CVE-2026-2672 affects Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The vulnerability lies in the Download function for the file /Search/Subject/downLoad, where manipulating the path argument triggers a path traversal. Exploitation is possible remotely; PoC/public exploit exists...
CVE-2026-2683
CVE-2026-2683 concerns Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). The vulnerability lies in an unknown function within /Using/Subject/downLoad.html where manipulation of the path argument enables path traversal. The issue appears exploitable remotely and a public exploit has ...
CVE-2026-2682
CVE-2026-2682 affects Tsinghua Unigroup Electronic Archives System up to version 3.2.210802(62532). The vulnerability is a SQL injection in an unknown function exposed via the URL path /mine/PublicReport/prinReport.html?token=java, where manipulating the comid argument leads to injection. The att...