|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-08-06 | |
| Rule Name: | EKing FileUpload.ihtm Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Eking is an enterprise level management software platform, which provides one-stop human resource management, customer relationship management (CRM), project management and other solutions, aiming to help enterprises improve management efficiency and business process automation. There is an arbitrary file upload vulnerability in the Eking of YiFileUpload.ihtm. An attacker can upload malicious files and execute malicious programs on the server through the vulnerability. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |