CVE-2025-34046
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-26

Last updated on: 2025-11-20

Assigner: VulnCheck

Description
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this flaw by sending a crafted HTTP POST request to upload arbitrary files without requiring authentication. Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system.Β Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-26
Last Modified
2025-11-20
Generated
2026-05-07
AI Q&A
2025-06-26
EPSS Evaluated
2026-05-05
NVD
CVE-2025-34046
EUVD
EUVD-2025-19208
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an unauthenticated file upload flaw in Fanwei E-Office versions up to v9.4. It affects the /general/index/UploadFile.php endpoint, which does not properly validate files uploaded with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this by sending a crafted HTTP POST request to upload arbitrary files without needing to log in. This can lead to remote code execution on the server, potentially allowing full control over the web application and the underlying system. [1]


How can this vulnerability impact me? :

Exploitation of this vulnerability can lead to remote code execution on the affected server, resulting in complete compromise of the web application and possibly the underlying system. This means attackers can execute arbitrary commands, access sensitive data, disrupt services, or use the server as a foothold for further attacks. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring HTTP POST requests to the /general/index/UploadFile.php endpoint with parameters uploadType=eoffice_logo or uploadType=theme. You can use network traffic analysis tools like tcpdump or Wireshark to capture such requests. For example, a command to capture relevant HTTP POST requests using tcpdump could be: tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /general/index/UploadFile.php'. Additionally, web server logs can be searched for POST requests to this endpoint with the specified parameters using grep or similar tools. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the /general/index/UploadFile.php endpoint, especially for unauthenticated users, by implementing authentication and authorization controls. Additionally, applying web application firewall (WAF) rules to block or monitor suspicious file upload attempts targeting uploadType=eoffice_logo or uploadType=theme parameters can help. If possible, update or patch the Fanwei E-Office software to a version that addresses this vulnerability. As a temporary measure, disabling file uploads via this endpoint until a fix is applied can reduce risk. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart