Acrel Environmental Monitoring Cloud Platform Unrestricted File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted file uploads has been identified in the Acrel Environmental Monitoring Cloud Platform, in versions prior to 20250804. The issue arises in the '/NewsManage/UploadNewsImg' file, where the 'File' argument can be manipulated to bypass upload restrictions. This vulnerability can be exploited remotely, and a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files that are executed or processed by the application, potentially leading to further attacks or system compromise.

Added: Aug 18, 2025, 1:16 AM

Updated: Aug 18, 2025, 1:16 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

0.4

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Acrel Environmental Monitoring Cloud Platform Unrestricted File Upload Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating