CRITICAL🇵🇱 Wersja polska

CVE-2024-13984

CVSS 10.0v4.0pub. 2025-08-27upd. 2026-04-15

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename parameter in multipart form-data requests, enabling path traversal. This allows attackers to place executable files in web-accessible directories, potentially leading to remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC.

🤖 AI Analysis
How it works

The /rptsvr/upload endpoint does not verify or sanitize the filename parameter in multipart form-data requests. An attacker can construct an HTTP request containing path traversal sequences (e.g., '../') in the filename, which allows the uploaded file to be saved outside the intended target directory. This makes it possible to place an executable file (e.g., webshell) in a directory publicly accessible by the web server. After performing this operation, the attacker can invoke the uploaded file through a browser or HTTP request and obtain remote code execution on the server.

Impact

An unauthenticated attacker can gain full control of the server by placing and executing malicious code (RCE). Violation of confidentiality, integrity, and availability of both the target system and associated resources is possible.

Mitigation & patch

Patches available from the vendor should be applied according to the references. It is also recommended to restrict network access to the /rptsvr/upload endpoint at the firewall level and monitor attempts of unauthorized file uploads.

Who is affected

QiAnXin TianQing Management Center in versions up to and including 6.7.0.4130 (rptsvr component)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath TraversalAuth Bypass
CWE
References