go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Hyweb HyCMS-J1 - Arbitrary File Upload

TVN ID TVN-202101002
CVE ID NA
Affected Products Hyweb HyCMS-J1 version prior to 7.4.3
Description Hyweb HyCMS-J1 API does not filter special characters, causing remote attackers can upload files arbitrarily.
Solution Update Hyweb HyCMS-J1 to the latest version or contact Hyweb Tech. for vulnerability repairment.
Credit Robin Tung (CHT)
Public Date 2021-01-19
Top