CVE-2025-34163
BaseFortify
Publication date: 2025-08-27
Last updated on: 2025-08-29
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qindao_dongsheng_weiye_software | logistics_software | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute arbitrary code remotely on the affected server, which may lead to full system compromise. This means the attacker could gain control over the server, access sensitive data, disrupt services, or use the compromised system to launch further attacks.
Can you explain this vulnerability to me?
This vulnerability in Dongsheng Logistics Software involves an unauthenticated endpoint (/CommMng/Print/UploadMailFile) that does not properly validate file types or enforce access control. An attacker can exploit this by uploading arbitrary files, including executable scripts like .ashx, through a specially crafted multipart/form-data POST request. This can lead to remote code execution on the server, potentially allowing the attacker to fully compromise the system.