CNNVD-202508-1995 Information

CNNVD ID

CNNVD-202508-1995

Related CVE

CVE-2025-9099

• CNNVD Published: 2025-08-18

Description (Chinese)

Acrel Environmental Monitoring Cloud Platform（安科瑞环境监测云平台）是中国安科瑞（Acrel）公司的一个物联网数据中心。 Acrel Environmental Monitoring Cloud Platform 20250804及之前版本存在代码问题漏洞，该漏洞源于NewsManage/UploadNewsImg接口对参数File的文件上传缺乏限制，攻击者可远程上传任意文件。

Description (English)

Acrel Environmental Monitoring Cloud Platform (Ankorre Environmental Monitoring Cloud Platform) is a networked data centre for Acrel, China. There was a code gap in the Acrél Environmental Monitoring Club Platform 20250804 and earlier versions, which stemmed from the lack of restrictions on the uploading of files to the parameter File from the NewsManage/UploadNewsImg interface, where the assailant could upload any files remotely.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

安科瑞

Published

2025-08-18

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.320421 https://www.notion.so/upload-23e9bb66b0a58088a9b4fcaea56a857f?source=copy_link https://vuldb.com/?submit.628090 https://vuldb.com/?id.320421 https://nvd.nist.gov/vuln/detail/CVE-2025-9099