CNNVD-202507-3914 Information

CNNVD ID

CNNVD-202507-3914

Related CVE

CVE-2014-125126

• CNNVD Published: 2025-07-31

Description (Chinese)

TECOrange Simple E-Document是TECOrange公司的一款用于大量邮件接收的系统。 TECOrange Simple E-Document 3.0至3.1版本存在安全漏洞，该漏洞源于上传机制未限制文件类型和验证输入，可能导致任意文件上传和远程代码执行。

Description (English)

TECOrange Simple E-Document is a large mail-receiving system of TECOrange. There is a security loophole in TECOrange Simple E-Document 3.0 to 3.1, which stems from the fact that the upload mechanism does not limit the type of document and the authentication of input, which may lead to the uploading of any file and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

TECOrange

Published

2025-07-31

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/simple_e_document_upload_exec.rb https://sourceforge.net/projects/simplee-doc/ https://www.exploit-db.com/exploits/31264 https://www.vulncheck.com/advisories/simple-edocument-abitrary-file-upload-rce