M2Soft CROWNIX Report & ERS Arbitrary File Upload Vulnerability in Opcode 500 Functionality

Vulnerability

An arbitrary file upload vulnerability has been identified in M2Soft CROWNIX Report & ERS versions 5.x prior to 5.5.14.1070, 7.x prior to 7.4.3.960, and 8.x prior to 8.2.0.345. This vulnerability allows attackers to execute arbitrary code by uploading a crafted file through the opcode 500 functionality.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where CROWNIX Report & ERS is running.

Reproduction

To reproduce this vulnerability, upload a malicious file through the CROWNIX ERS Reporting Server's opcode 500 feature. The uploaded file can then be executed on the server.

Remediation

Users are advised to update to CROWNIX Report & ERS version 5.5.14.1071, 7.4.3.961, or 8.2.0.346. Instructions for obtaining the patch are available by contacting the M2Soft technical support center.
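An added example (not from M2Soft or the original advisory): a Python triage of installed version strings against the affected ranges and fixed builds stated above. The hostnames and sample versions are constructed, and the "review" status for a build that falls between the stated bound and the recommended build (for example 5.5.14.1070) is this example's assumption about how to treat that gap.

```python
import re

# Per major branch: (bound of the advisory's "prior to" range, build it says to install).
# Both values come from the advisory text; the status names are this example's own.
BRANCHES = {
    5: ((5, 5, 14, 1070), (5, 5, 14, 1071)),
    7: ((7, 4, 3, 960), (7, 4, 3, 961)),
    8: ((8, 2, 0, 345), (8, 2, 0, 346)),
}

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of ints; raise ValueError on anything else."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in m.groups())

def classify(text):
    """Return 'affected', 'review', 'patched' or 'unlisted' for one version string."""
    version = parse_version(text)
    branch = BRANCHES.get(version[0])
    if branch is None:
        return "unlisted"   # major branch not mentioned in the advisory
    bound, fixed = branch
    if version < bound:
        return "affected"   # inside the stated "prior to" range
    if version < fixed:
        return "review"     # assumption: between stated bound and recommended build
    return "patched"

def triage(inventory):
    """Map host -> status; unparseable versions are flagged, not silently skipped."""
    result = {}
    for host, ver in inventory.items():
        try:
            result[host] = classify(ver)
        except ValueError:
            result[host] = "unparseable"
    return result

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = {
    "report-01": "5.5.14.1069", "report-02": "5.5.14.1070",
    "report-03": "7.4.3.961", "report-04": "8.2.0.12",
    "report-05": "6.1.0.5", "report-06": "8.2",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}\t{SAMPLE[host]}\t{status}")
```

Hosts reported as "review", "unlisted" or "unparseable" need a manual check against vendor guidance rather than being treated as safe.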

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.