CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1646 – Lumsoft ERP ASPX File UploadAjaxAPI.ashx unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1646
25 Feb 2025 — A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Rain1er/report/blob/main/Lserp/fileUpload_3.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1165 – Lumsoft ERP FileUploadApi.ashx DoWebUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1165
11 Feb 2025 — A vulnerability, which was classified as critical, was found in Lumsoft ERP 8. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Rain1er/report/blob/main/Lserp/fileUpload_1.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •