Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
An unrestricted file upload vulnerability exists in Technologies Integrated Management Platform version 7.17.0 that allows remote attackers to upload malicious files without authentication through the /SetWebpagePic.jsp endpoint by manipulating the targetPath/Suffix parameters. A public proof-of-concept exploit is available, though the vulnerability is not currently in CISA's Known Exploited Vulnerabilities catalog, making this a confirmed exploitable vulnerability with demonstrated attack code that could lead to unauthorized file uploads and potential remote code execution.
Technical ContextAI
The vulnerability affects Technologies Integrated Management Platform (CPE: cpe:2.3:a:technologies:integrated_management_platform:*:*:*:*:*:*:*:*), specifically version 7.17.0 according to EUVD data. The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), which occurs when an application accepts file uploads without properly validating file types, extensions, or content. The vulnerable component is the /SetWebpagePic.jsp file, which likely handles image uploads for webpage customization but fails to restrict what types of files can be uploaded or where they can be placed on the server through the targetPath and Suffix parameters.
RemediationAI
No official patch is available as the vendor did not respond to the vulnerability disclosure. Immediate mitigations include: 1) Disable or restrict access to /SetWebpagePic.jsp if not required for operations, 2) Implement web application firewall (WAF) rules to filter requests to this endpoint, 3) Monitor for suspicious file uploads and unexpected file types, 4) Consider upgrading to a newer version if available (though vulnerability status in other versions is unknown), 5) Implement additional access controls requiring authentication for file upload functionality. The VulDB references (https://vuldb.com/?id.351144) should be monitored for updates.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12355