Acrel EEMS Enterprise Power Operation and Maintenance Cloud Platform Path Traversal Vulnerability Allowing Arbitrary File Upload

Vulnerability

A path traversal vulnerability has been identified in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0. The issue affects unspecified functionality reachable at '/SubstationWEBV2/app/..;/main/upfile', where manipulating the 'path' argument can lead to unauthorized file uploads. The vulnerability can be exploited remotely. The exploit has been publicly disclosed, and the vendor has not responded to prior disclosure attempts.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to upload malicious files such as web shells, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, send a POST request to '/SubstationWEBV2/app/..;/main/upfile' with 'Content-Type' set to 'multipart/form-data'. Include a file named '123.jsp' in the 'multipartFile' form-data field. The request can be made using tools like Postman or curl.
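For defenders, the request shape described above can be looked for in web access logs. The following detection sketch is an added example, not part of the original advisory: it assumes a "combined" access log format and servlet-style handling of ';' path parameters, the function names are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumed log format: Apache/Nginx "combined" access log.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')
# A ".." path segment carrying a ";" path parameter, e.g. "/..;/" or "/..;a=b/".
DOTDOT_PARAM = re.compile(r'(?:^|/)\.\.;[^/]*(?:/|$)')

def normalize(uri, rounds=3):
    path = uri.split('?', 1)[0]          # drop the query string
    for _ in range(rounds):              # repeated decoding catches double encoding
        path = unquote(path)
    return path

def resolve(path):
    # Approximate servlet-style resolution: strip ";params", then collapse "..".
    # Assumption: the advisory does not name the server software.
    segs = []
    for seg in path.split('/'):
        seg = seg.split(';', 1)[0]
        if seg == '..':
            del segs[-1:]                # no-op when already at the root
        elif seg not in ('', '.'):
            segs.append(seg)
    return '/' + '/'.join(segs)

def classify(line):
    """Return a finding dict for a "..;" traversal request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize(m['uri'])
    if not DOTDOT_PARAM.search(path):
        return None
    target = resolve(path)
    upload = m['method'] == 'POST' and target.endswith('/main/upfile')
    return {'ip': m['ip'], 'status': int(m['status']), 'resolved': target,
            'severity': 'high' if upload else 'medium'}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "POST /SubstationWEBV2/app/..;/main/upfile HTTP/1.1" 200 51',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /SubstationWEBV2/app/%252e%252e%253b/main/index HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2025:10:01:00 +0000] "GET /SubstationWEBV2/app/login;jsessionid=ABC HTTP/1.1" 200 1200',
    '192.0.2.10 - - [01/Jan/2025:10:02:00 +0000] "POST /SubstationWEBV2/main/upfile HTTP/1.1" 302 0',
]

if __name__ == '__main__':
    print(*map(classify, SAMPLE), sep='\n')
```

A "high" finding with a 2xx status is worth correlating with newly created '.jsp' files in web-served directories on the host.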

Added: May 26, 2026, 4:46 PM
Updated: May 26, 2026, 4:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 8.7
remediation: 0.0
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.