CVE ID : CVE-2024-13984
Published : Aug. 27, 2025, 10:15 p.m. | 3 hours, 34 minutes ago
Description : QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename parameter in multipart form-data requests, enabling path traversal. This allows attackers to place executable files in web-accessible directories, potentially leading to remote code execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More