e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEdetw U Office Force
APPEdetw20.0.7668d
Related vulnerabilities
Insecure Deserialization w Edetw U-Office Force umożliwia zdalne RCE
U-Office Force: Nieautoryzowane logowanie jako administrator przez manipulację cookies
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers wit...