The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HEdetw U Office Force
APPEdetw< 28.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2026-3422CRITICAL9.3PL ✓ten sam produkt
Insecure Deserialization w Edetw U-Office Force umożliwia zdalne RCE
CVE-2025-2395CRITICAL9.8PL ✓ten sam produkt
U-Office Force: Nieautoryzowane logowanie jako administrator przez manipulację cookies
CVE-2023-32757CRITICAL9.8ten sam produkt
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An ...
CVE-2025-12864HIGH8.7ten sam produkt
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...
CVE-2025-12865HIGH8.7ten sam produkt
U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...