Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network vector, no authentication, but UI:R reflects that secondary impact requires a user to download; S:C captures cross-user file delivery risk.
Primary rating from Vendor (twcert).
CVSS VectorVendor: twcert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to download.
AnalysisAI
Unrestricted file upload in Ragic Enterprise Cloud Database exposes all versions to unauthenticated remote exploitation, allowing attackers to plant malicious files that are subsequently served to authenticated platform users for download. The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), meaning the application performs no meaningful validation of file type, content, or extension before persisting uploads. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions are required for the upload phase: the file upload endpoint accepts requests from unauthenticated, remote, network-accessible attackers with no configuration prerequisites (CVSS 4.0 AV:N/AC:L/AT:N/PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 6.9 reflects a medium-severity finding, but the real-world risk profile warrants closer scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker identifies a publicly accessible Ragic Enterprise Cloud Database instance and submits a crafted HTTP POST request to the file upload endpoint, attaching a malicious executable or macro-enabled Office document. No credentials, session token, or special configuration is needed. … |
| Remediation | The primary remediation is to apply the vendor-released patch or configuration update described in the TWCERT advisories at https://www.twcert.org.tw/en/cp-139-11032-460c2-2.html - an exact fixed version number is not independently confirmed from available data, so administrators should consult Ragic directly for the patched build. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Enterprise Cloud Database
View allEnterprise Cloud Database from Ragic does not properly validate the file type for uploads. Rated critical severity (CVSS
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality, allowing unauthenticated re
Enterprise Cloud Database from Ragic does not properly validate a specific page parameter, allowing unauthenticated remo
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium
Stored XSS in Ragic Enterprise Cloud Database permits unauthenticated remote attackers to inject persistent JavaScript i
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43272
GHSA-q692-3gm2-wf73