Primary

Context

Simopro Technology WinMatrix3 Web Package Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in the WinMatrix3 Web package by Simopro Technology. This issue enables remote attackers with administrator privileges to upload and execute web shell backdoors, facilitating arbitrary code execution on the server. The vulnerability affects WinMatrix Web versions through 1.2.38.1.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server by executing uploaded web shell backdoors.

Remediation

Users are advised to update to WinMatrix Web version 3.8.52.5 (Web 1.2.39.5) and install the hotfix, or to version 3.9.1 (Web 1.3.1) or later.

Added: Jul 21, 2025, 6:17 AM

Updated: Jul 21, 2025, 7:35 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Simopro Technology WinMatrix3 Web Package Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating