Introduction
# CVE-2025-56218 Unrestricted File Upload
# Description
An attacker may upload an Excel file that contains a malicious script or a phishing URL. The application converts the file to PDF and forwards it to the intended recipient for digital signature. Because hyperlinks in the generated PDF are displayed with attacker-controlled text and no warning is presented, the recipient could be deceived into clicking the link and thereby triggering execution of malicious commands.
------------------------------------------
# CVSS Score: 5.5 (Medium)
------------------------------------------
# Attack Type
* Remote (Authenticated)
------------------------------------------
# Affected Versions
* 8.6.8 and earlier
------------------------------------------
# Vendor of Product
* Ascertia
------------------------------------------
# Affected Product Code Base
* SigningHub
------------------------------------------
# Affected Component
* File upload function
------------------------------------------
# Mitigations
* Scan uploaded files before sending them to the target users
------------------------------------------
# Vulnerability Details
* An attacker can upload a file containing a link to a malicious website or script and send it to a list of users. Through social engineering, users may be directed to the attacker's phishing website, because the application does not scan the contents of uploaded files.
------------------------------------------
# Fixed versions
* Later than 8.6.8
------------------------------------------
# Discovered By
* Yazan Abu-Nadi
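One defensive check in the spirit of the mitigation above, as an added example (not SigningHub's or Ascertia's code): it opens an uploaded .xlsx, pairs each hyperlink's visible cell text with its real target from the sheet relationships, and flags links whose displayed URL host differs from the actual host or that use a non-web scheme. The minimal workbook and the example.com/example.net hosts are constructed for the demo; real sheets may also store text in the shared-strings table, which this checker does not read.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MAIN = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
URL_RE = re.compile(r"https?://[^\s/]+", re.I)  # scheme + host of a URL shown in cell text


def extract_hyperlinks(xlsx_bytes):
    """Return [(cell, visible_text, target_url)] for sheet1 (inline-string cells only)."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        sheet = ET.fromstring(z.read("xl/worksheets/sheet1.xml"))
        rels = ET.fromstring(z.read("xl/worksheets/_rels/sheet1.xml.rels"))
    # r:id on each <hyperlink> resolves to a Target in the sheet's relationship part
    targets = {r.get("Id"): r.get("Target") for r in rels.iter(f"{{{PKG}}}Relationship")}
    text = {c.get("r"): (c.findtext(f"{{{MAIN}}}is/{{{MAIN}}}t") or "")
            for c in sheet.iter(f"{{{MAIN}}}c")}
    return [(h.get("ref"), text.get(h.get("ref"), ""), targets.get(h.get(f"{{{REL}}}id"), ""))
            for h in sheet.iter(f"{{{MAIN}}}hyperlink")]


def flag_deceptive_links(xlsx_bytes):
    """Flag non-web targets and links whose visible URL host differs from the real host."""
    findings = []
    for cell, shown, target in extract_hyperlinks(xlsx_bytes):
        real = urlparse(target)
        m = URL_RE.search(shown)
        if real.scheme.lower() not in ("http", "https"):
            findings.append((cell, f"non-web target: {target}"))
        elif m and urlparse(m.group(0)).hostname != real.hostname:
            findings.append((cell, f"text shows {m.group(0)} but links to {target}"))
    return findings


def build_sample_xlsx():
    """Constructed minimal .xlsx with only the parts the checker reads (not a vendor file)."""
    sheet = (f'<worksheet xmlns="{MAIN}" xmlns:r="{REL}"><sheetData><row r="1">'
             '<c r="A1" t="inlineStr"><is><t>Sign: https://bank.example.com/esign</t></is></c>'
             '<c r="A2" t="inlineStr"><is><t>Terms</t></is></c></row></sheetData>'
             '<hyperlinks><hyperlink ref="A1" r:id="rId1"/><hyperlink ref="A2" r:id="rId2"/>'
             '</hyperlinks></worksheet>')
    rels = (f'<Relationships xmlns="{PKG}">'
            '<Relationship Id="rId1" Target="https://evil.example.net/login" TargetMode="External"/>'
            '<Relationship Id="rId2" Target="https://bank.example.com/terms" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/worksheets/_rels/sheet1.xml.rels", rels)
    return buf.getvalue()
```

Running `flag_deceptive_links(build_sample_xlsx())` reports cell A1, whose text shows a bank host while the link points elsewhere, and leaves the honest A2 link alone.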
File snapshot
[4.0K] /data/pocs/e0bfe7d8a6dfd3abf437cce83b2e1ead76bf035a
└── [1.6K] README.md
0 directories, 1 file