Dongsheng Logistics Software Unauthenticated Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in Dongsheng Logistics Software prior to July 2025, allowing unauthenticated users to upload arbitrary files, including executable scripts, through a multipart/form-data POST request to the /CommMng/Print/UploadMailFile endpoint. This lack of proper file type validation and access control enables remote code execution on the server, potentially leading to a full system compromise.

Impact

Successful exploitation allows for remote code execution on the server, with the potential for full system compromise.

Remediation

Users are advised to upgrade to the latest version of Dongsheng Logistics Software, as the vulnerability has been addressed in releases after July 2025.
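For servers that ran an affected release, web access logs can be reviewed for requests to the endpoint named above. The following is an added example, not part of the original advisory or the vendor's code. It assumes access logs in Apache/nginx "combined" format and that the server matches the path case-insensitively; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory, lowercased for case-insensitive comparison.
ENDPOINT = "/commmng/print/uploadmailfile"

# Assumption: "combined" access log format; adjust the pattern for other formats.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).rstrip("/").lower()

def find_upload_hits(lines):
    """Return one record per POST request to the upload endpoint."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalize_path(m["target"]) != ENDPOINT:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": status,
            # A 2xx reply means the server accepted the upload request.
            "accepted": 200 <= status < 300,
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Sep/2025:10:01:12 +0000] "POST /CommMng/Print/UploadMailFile HTTP/1.1" 200 52 "-" "-"',
    '198.51.100.7 - - [02/Sep/2025:10:01:15 +0000] "POST /commmng/print/%55ploadMailFile?x=1 HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.20 - - [02/Sep/2025:10:02:00 +0000] "GET /CommMng/Print/UploadMailFile HTTP/1.1" 405 0 "-" "-"',
    '203.0.113.20 - - [02/Sep/2025:10:02:30 +0000] "POST /Login HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_upload_hits(SAMPLE_LOG):
        print(hit)
```

Any record with "accepted" set to True marks a time window in which the server's upload directory should be checked for unexpected files.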

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 7.7
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.