zzskzy Warehouse Refinement Management System Unrestricted File Upload Vulnerability
Vulnerability
A critical unrestricted file upload vulnerability has been identified in zzskzy Warehouse Refinement Management System version 1.3. The issue is in the UploadCrash function in the file /crash/log/SaveCrash.ashx, where manipulation of the file argument enables remote exploitation. This vulnerability could lead to the upload of malicious files that are automatically processed in the product's environment.
Impact
Exploitation of this vulnerability allows unrestricted file uploads. Malicious files uploaded this way may be executed or processed by the application, potentially leading to further attacks such as remote code execution.
Reproduction
The vulnerability can be reproduced by sending a request to the /crash/log/SaveCrash.ashx endpoint with a manipulated file argument that bypasses any file type restrictions. This can be done remotely.
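As an added detection example (not part of the original advisory or the vendor's code), the script below scans IIS W3C logs for POSTs to the endpoint above and flags the uploading client fetching a server-executable path that had not appeared earlier in the log. The log field layout, the extension list, the 10-minute window and the premise that uploaded files are reachable through the same site are assumptions; the sample log is constructed.

```python
from datetime import datetime

ENDPOINT = "/crash/log/savecrash.ashx"  # path named in the advisory, lower-cased
# Assumed list of extensions that IIS would execute rather than serve as static files.
EXEC_EXT = (".aspx", ".ashx", ".asmx", ".asp", ".cshtml")

# Constructed sample log (documentation IP ranges, invented file names), not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-10 08:00:01 192.0.2.10 GET /index.aspx 200
2024-01-10 08:05:12 203.0.113.7 POST /crash/log/SaveCrash.ashx 200
2024-01-10 08:05:40 203.0.113.7 GET /crash/log/report1.aspx 200
2024-01-10 08:06:02 192.0.2.10 GET /index.aspx 200
2024-01-10 08:07:15 198.51.100.4 POST /crash/log/SaveCrash.ashx 200
2024-01-10 08:07:30 198.51.100.4 GET /crash/log/dump.txt 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield row

def find_suspicious(text, window_s=600):
    """Flag a 200 response for an executable path not seen earlier in the log,
    requested by a client within window_s seconds of its POST to ENDPOINT."""
    seen, uploads, alerts = set(), {}, []
    for r in parse_w3c(text):
        path, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        if r["cs-method"] == "POST" and path == ENDPOINT:
            uploads[ip] = r["ts"]  # remember the most recent upload per client
        elif (path.endswith(EXEC_EXT) and path not in seen
              and r["sc-status"] == "200" and ip in uploads
              and (r["ts"] - uploads[ip]).total_seconds() <= window_s):
            alerts.append((ip, r["cs-uri-stem"], r["ts"].isoformat(sep=" ")))
        seen.add(path)  # baseline of paths already observed
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE_LOG):
        print("possible uploaded script executed:", *alert)
```

The baseline of known paths is only as good as the log history fed in, so run it over logs that start well before the period under review.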
