HIGH🇬🇧 English

CVE-2025-2396

CVSS 8.8v3.1pub. 2025-03-17upd. 2025-11-18

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Edetw U Office Force

    APP
    Edetw
    < 28.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-3422CRITICAL9.3PL ✓ten sam produkt

Insecure Deserialization w Edetw U-Office Force umożliwia zdalne RCE

CVE-2025-2395CRITICAL9.8PL ✓ten sam produkt

U-Office Force: Nieautoryzowane logowanie jako administrator przez manipulację cookies

CVE-2023-32757CRITICAL9.8ten sam produkt

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An ...

CVE-2025-12864HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...

CVE-2025-12865HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...