Softwin WMX3 Unrestricted File Upload Vulnerability in ImageAdd Function

Vulnerability

A critical vulnerability allowing unrestricted file uploads has been identified in Softwin WMX3 version 3.1. The issue arises in the ImageAdd function of the file /ImageAdd.ashx, where the manipulation of the 'File' argument enables unauthorized file uploads. This vulnerability can be exploited remotely, and details of the exploit are publicly available.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, potentially allowing for the execution of malicious files on the server.

Reproduction

The vulnerability can be reproduced by sending a request to the /ImageAdd.ashx endpoint with a manipulated 'File' argument that bypasses file type restrictions. This can be done using a variety of tools that allow for HTTP request manipulation, such as Postman or Burp Suite.
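
A server-side check that addresses this kind of file-type bypass, shown as an added example that is not Softwin WMX3 code: the stored type is decided from the file's leading bytes and the stored name is generated by the server, so neither the submitted file name nor its Content-Type is trusted. The class, method and upload-root names are hypothetical, and C# is assumed as the handler language because .ashx is an ASP.NET generic handler.

```csharp
// Added example, not Softwin WMX3 code. All names here are hypothetical.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;

public static class ImageUploadGuard
{
    // Allowed image types: server-chosen extension -> leading magic bytes.
    static readonly Dictionary<string, byte[]> Signatures = new Dictionary<string, byte[]>
    {
        { ".png", new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A } },
        { ".jpg", new byte[] { 0xFF, 0xD8, 0xFF } },
        { ".gif", new byte[] { 0x47, 0x49, 0x46, 0x38 } },
    };

    const int MaxBytes = 5 * 1024 * 1024; // assumed size limit

    // Returns the extension to store the upload under, or null to reject it.
    // The client-supplied file name and Content-Type are deliberately not inputs:
    // both are controlled by the sender and cannot enforce a type restriction.
    public static string SniffExtension(byte[] content)
    {
        if (content == null || content.Length == 0 || content.Length > MaxBytes)
            return null;
        foreach (var kv in Signatures)
        {
            if (content.Length >= kv.Value.Length &&
                content.Take(kv.Value.Length).SequenceEqual(kv.Value))
                return kv.Key;
        }
        return null;
    }

    // Builds the storage path from a random server-side name, so no part of the
    // request (path separators, double extensions, ".aspx") reaches the file system.
    public static string BuildStoragePath(string uploadRoot, byte[] content)
    {
        string ext = SniffExtension(content);
        if (ext == null)
            throw new InvalidDataException("Upload is not an allowed image type.");
        return Path.Combine(uploadRoot, Guid.NewGuid().ToString("N") + ext);
    }
}
```

Keep the upload root in a directory where the web server does not execute scripts, since a valid image header does not prove the rest of the file is harmless.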

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.