Primary

Context

NewType Infortech NUP Portal Missing Authentication Vulnerability Allowing Unauthenticated File Upload

Vulnerability

A missing authentication vulnerability has been identified in the NUP Portal developed by NewType Infortech, affecting versions SP5.0 and prior. This vulnerability allows unauthenticated remote attackers to directly upload files. If an attacker can bypass the file extension restrictions, they could upload a web shell and execute it on the server side.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, with the potential for uploaded files to be executed on the server, such as web shells that allow remote code execution.

Remediation

Users are advised to update to version SP5.1 or later.

Added: Sep 12, 2025, 11:21 AM

Updated: Sep 12, 2025, 11:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NewType Infortech NUP Portal Missing Authentication Vulnerability Allowing Unauthenticated File Upload

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating