Lumsoft ERP Unrestricted File Upload Vulnerability

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Lumsoft ERP version 8. The issue resides in the DoUpload/DoWebUpload function of the FileUploadApi.ashx file. This vulnerability allows for remote exploitation by manipulating the file upload argument, potentially leading to unauthorized file uploads on the server.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, which could be used to upload malicious files or scripts that could be executed on the server.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Lumsoft ERP Unrestricted File Upload Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating