Electronic Archives System
CVE-2026-2684
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Electronic Archives System versions up to 3.2.210802 is affected by improper access control (CVSS 7.3).
Technical ContextAI
This vulnerability (CWE-284: Improper Access Control) affects Electronic Archives System. was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Electronic Archives System
View allPath traversal in Tsinghua Unigroup Electronic Archives System 3.2.210802 allows authenticated remote attackers to read
SQL injection in Tsinghua Unigroup Electronic Archives System versions up to 3.2.210802 allows authenticated remote atta
Tsinghua Unigroup Electronic Archives System 3.2.210802 contains a path traversal vulnerability in the download function
Same weakness CWE-284 – Improper Access Control
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today