CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2396 – e-Excellence U-Office Force - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-2396
17 Mar 2025 — The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-10014-69aa5-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2395 – e-Excellence U-Office Force - Improper Authentication
https://notcve.org/view.php?id=CVE-2025-2395
17 Mar 2025 — The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator. • https://www.twcert.org.tw/en/cp-139-10012-d5bbc-2.html • CWE-565: Reliance on Cookies without Validation and Integrity Checking •