HIGH🇵🇱 Wersja polska

CVE-2025-2396

CVSS 8.8v3.1pub. 2025-03-17upd. 2025-11-18

The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Edetw U Office Force

    APP
    Edetw
    < 28.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-3422CRITICAL9.3PL ✓ten sam produkt

Insecure Deserialization w Edetw U-Office Force umożliwia zdalne RCE

CVE-2025-2395CRITICAL9.8PL ✓ten sam produkt

U-Office Force: Nieautoryzowane logowanie jako administrator przez manipulację cookies

CVE-2023-32757CRITICAL9.8ten sam produkt

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An ...

CVE-2025-12864HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...

CVE-2025-12865HIGH8.7ten sam produkt

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote atta...