ГлавнаяУязвимости → CVE-2025-12867
7.2высокая

CVE-2025-12867

Описание

EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.twcert.org.tw/en/cp-139-10491-004b0-2.htmlhttps://www.twcert.org.tw/tw/cp-132-10490-2534b-1.htmlhttps://www.chtsecurity.com/news/20848f61-9db5-44fd-8574-c9d6a54e4010