EUVD-2026-13725CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
Precurio Intranet Portal 4.4 contains a cross-site request forgery (CSRF) weakness that can allow an attacker to induce an authenticated user to submit a crafted request to a profile update endpoint that handles file uploads. If the application stores attacker-controlled content as an executable server-side file (e.g., in a web-accessible location with an executable extension), this can lead to arbitrary code execution in the context of the web server.
Analysis
Precurio Intranet Portal 4.4 contains a CSRF vulnerability that allows attackers to trick authenticated users into uploading malicious files to the server, potentially leading to remote code execution with web server privileges. A public exploit is available via PacketStorm (file ID 215644), significantly lowering the barrier for exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running Precurio 4.4 and assess business criticality; notify affected business units of the risk. Within 7 days: Implement compensating controls (WAF rules blocking suspicious file uploads, disable file upload features if non-critical, restrict portal access via network segmentation). …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today