来源

关联漏洞

描述

An Improper Control of Generation of Code (code injection / file upload → RCE) vulnerability affecting DELMIA Apriso (Release 2020 → Release 2025). When an authenticated user can upload files and the upload handler fails to canonicalize filenames or enforce storage restrictions, an attacker may place executable artifacts into web-served locations (via path traversal or insufficient normalization) and achieve remote code execution under the webserver context.

文件快照

 id: CVE-2025-6204

info:
  name: DELMIA Apriso - Command Injection
  author: iamnoooob,rootxharsh,pa

...

备注