|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-01-14 | |
| Rule Name: | Lumsoft ERP FileUploadApi.ashx Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Lumsoft ERP is a powerful enterprise resource planning (ERP) software designed for small and medium-sized enterprises to help enterprises optimize management processes and improve operational efficiency. The FileUploadApi.ashx interface of the Langkspeed ERP has file upload vulnerabilities. Unauthorized attackers can use this vulnerability to arbitrarily execute code on the server, write a backdoor, obtain server permissions, and then control the entire web server. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |