CNNVD-202601-1802 Information
CNNVD ID
CNNVD-202601-1802
Related CVE
- CNNVD Published: 2026-01-12
Description (Chinese)
WebErpMesv2是Kevin个人开发者的一个面向工业的资源管理和制造的Web系统。 WebErpMesv2 1.19之前版本存在安全漏洞,该漏洞源于多个控制器存在文件上传验证绕过,可能导致经过身份验证的用户上传任意文件,包括PHP脚本,从而导致远程代码执行。
Description (English)
WebErpMesv2 is an industry-oriented Web-based resource management and manufacturing system for Kevin’s personal developers. The previous version of WebErpMesv2 1.19 had a security loophole, which stemmed from the fact that multiple controllers had document upload verification bypassed, which could lead to the uploading of arbitrary files, including PHP scripts, by a user with authentication, leading to remote code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-12
Last Modified
2026-02-24
References
https://github.com/SMEWebify/WebErpMesv2/commit/c9e7f4a85aeb774a0ea4b61ad57a51b941166b69 https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-64rv-f829-x6m4
Patch
https://github.com/SMEWebify/WebErpMesv2/releases
Share on: