Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Dongsheng Logistics Software Unauthenticated Arbitrary File Upload
Vulnerability Description
Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST request. This allows remote code execution on the server, potentially leading to full system compromise. The vulnerability is presumed to affect builds released prior to July 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Dongsheng Logistics Software 安全漏洞
Vulnerability Description
Dongsheng Logistics Software是中国东胜(Dongsheng)公司的一款物流管理系统。 Dongsheng Logistics Software存在安全漏洞,该漏洞源于/CommMng/Print/UploadMailFile端点未验证文件类型,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A