TMS Global Software TMS Management Console File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A file upload vulnerability has been identified in TMS Global Software's TMS Management Console version 6.3.7.27386.20250818. This vulnerability allows remote attackers to execute arbitrary code by uploading a malicious file through the Logo upload feature in the /Customer/AddEdit endpoint.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the server.
Reproduction
To reproduce this vulnerability, intercept the request to the /Customer/AddEdit/{{Customer_id}} endpoint using a proxy tool like Burp Suite. Change the 'filename' parameter in the logo upload request from an SVG file to 'web.config'. Include a handler and ASP code in the web.config file for code execution. After successfully uploading the file, access it at the URL /icons/web.config. If the uploaded ASP code is executed, it confirms that the vulnerability has been successfully exploited.
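The root cause described above is that the server stores the upload under the client-supplied filename inside a web-served directory, so a request that renames the logo to web.config places a handler-registering configuration file where IIS will honour it. The following is an added example of how a defender would harden such an endpoint; it is not TMS Global Software's code, and it assumes an ASP.NET Core controller receiving the logo as an IFormFile, a hypothetical LogoUploadValidator helper, and a hypothetical logo-store directory outside the web root:

```csharp
// Added example (not vendor code): allowlisted, server-named logo upload for ASP.NET Core.
// Assumptions: ASP.NET Core MVC, logo arrives as IFormFile, storage root is outside wwwroot.
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

public static class LogoUploadValidator
{
    // Only the image formats the logo feature actually needs.
    private static readonly HashSet<string> AllowedExtensions =
        new(StringComparer.OrdinalIgnoreCase) { ".svg", ".png", ".jpg", ".jpeg" };

    // Names IIS/ASP.NET treat as configuration or code; rejected regardless of extension.
    private static readonly HashSet<string> ReservedNames =
        new(StringComparer.OrdinalIgnoreCase) { "web.config", "global.asax", "app_offline.htm" };

    private const long MaxBytes = 512 * 1024; // 512 KiB is ample for a logo

    // Returns null when the upload is acceptable, otherwise the reason for rejection.
    public static string Validate(IFormFile file)
    {
        if (file == null || file.Length == 0) return "empty upload";
        if (file.Length > MaxBytes) return "file too large";

        // Drop any directory components the client sent (../, drive letters, etc.).
        var name = Path.GetFileName(file.FileName ?? string.Empty);
        if (string.IsNullOrWhiteSpace(name)) return "missing filename";
        if (ReservedNames.Contains(name)) return "reserved filename";

        // Extension must be on the allowlist; "web.config" has none, so it fails here too.
        var ext = Path.GetExtension(name);
        if (!AllowedExtensions.Contains(ext)) return $"extension '{ext}' not allowed";

        // Cheap content sniff so the bytes match the claimed type.
        using var stream = file.OpenReadStream();
        var header = new byte[512];
        var read = stream.Read(header, 0, header.Length);
        if (!LooksLikeImage(ext, header.AsSpan(0, read))) return "content does not match extension";

        return null;
    }

    private static bool LooksLikeImage(string ext, ReadOnlySpan<byte> head)
    {
        switch (ext.ToLowerInvariant())
        {
            case ".png":
                return head.StartsWith(new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A });
            case ".jpg":
            case ".jpeg":
                return head.Length >= 3 && head[0] == 0xFF && head[1] == 0xD8 && head[2] == 0xFF;
            case ".svg":
            {
                // SVG is XML: require the document to open as XML or with an <svg> root.
                var text = Encoding.UTF8.GetString(head).TrimStart();
                return text.StartsWith("<?xml", StringComparison.OrdinalIgnoreCase)
                    || text.StartsWith("<svg", StringComparison.OrdinalIgnoreCase);
            }
            default:
                return false;
        }
    }
}

public class CustomerLogoController : Controller
{
    // Hypothetical storage root outside the web root: nothing here is ever served by IIS directly.
    private readonly string _logoRoot = Path.Combine(AppContext.BaseDirectory, "..", "logo-store");

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> UploadLogo(int customerId, IFormFile logo)
    {
        var problem = LogoUploadValidator.Validate(logo);
        if (problem != null) return BadRequest(problem);

        // Server-generated name: the client-supplied filename never reaches the filesystem.
        var storedName = Guid.NewGuid().ToString("N")
                       + Path.GetExtension(logo.FileName).ToLowerInvariant();
        Directory.CreateDirectory(_logoRoot);
        var path = Path.Combine(_logoRoot, storedName);

        await using (var fs = new FileStream(path, FileMode.CreateNew, FileAccess.Write, FileShare.None))
        {
            await logo.CopyToAsync(fs);
        }
        // Persist storedName against customerId in the database here (omitted).
        return Ok(new { customerId, storedName });
    }
}
```

Two design points matter here. First, the stored filename is generated on the server, so even a validator bypass cannot choose the path that IIS sees; the extension allowlist and content sniff are defence in depth, not the only barrier. Second, logos are written outside the web root and should be returned through a controller action that sets the content type itself, rather than through a static directory such as /icons/, so a handler-mapping file dropped into the store is never interpreted. For an existing deployment, a compensating control is to configure the upload directory in IIS with no script or handler mappings and to deny reads of web.config there, and to alert on any write of a file named web.config or with a server-side script extension under the upload path.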
