File Upload vulnerability in TMS Global Software TMS Management Console v.6.3.7.27386.20250818 allows a remote attacker to execute arbitrary code via the Logo upload in /Customer/AddEdit
The vulnerability (CWE-434 – Unrestricted Upload of File with Dangerous Type) occurs at the /Customer/AddEdit endpoint, specifically in the logo upload function. The application does not properly verify the type or content of the uploaded file, allowing an attacker to upload a malicious executable file (e.g., webshell) instead of an image. Once the file is placed on the server, the attacker can trigger its execution, thereby achieving remote code execution (RCE) on the target host.
An unauthenticated attacker operating over the network can gain full control of the server — including reading and modifying data, installing malicious software, and the ability to move laterally through the infrastructure (lateral movement).
Apply patches available from the vendor according to the references. Until the patch is implemented, it is recommended to restrict access to the /Customer/AddEdit endpoint at the firewall or WAF level and disable the logo upload function if it is not operationally necessary.
TMS Global Software TMS Management Console version 6.3.7.27386.20250818
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H