Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was identified in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Unrestricted file upload in Shandong Hoteam InforCenter PLM versions up to 8.3.8 allows remote unauthenticated attackers to upload arbitrary files via the uploadFileToIIS function in /Base/BaseHandler.ashx, with a CVSS score of 6.9 and publicly available exploit code. The vendor did not respond to early disclosure notification, leaving all affected versions unpatched and at active risk.
Technical ContextAI
The vulnerability exists in the uploadFileToIIS function of the BaseHandler.ashx endpoint in Shandong Hoteam InforCenter PLM, a Product Lifecycle Management (PLM) system. The vulnerability is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating insufficient validation of uploaded file content, type, or destination. The affected endpoint accepts a 'File' parameter without proper validation, allowing attackers to bypass intended file upload restrictions. BaseHandler.ashx is a common ASP.NET HTTP handler pattern used for processing file operations, and the direct exposure of this handler to unauthenticated remote requests creates a direct attack surface. The CVSS 4.0 vector shows network-accessible attack vector (AV:N), no complexity (AC:L), no authentication required (PR:N), and confidentiality/integrity/availability impact at low scope, suggesting the uploaded files can lead to information disclosure or system compromise depending on the application's handling of uploaded content.
RemediationAI
No vendor-released patch identified at time of analysis. The vendor (Shandong Hoteam) did not respond to early disclosure and has not released a patched version. Organizations must immediately restrict network access to the /Base/BaseHandler.ashx endpoint using firewall rules or web application firewall (WAF) policies to block unauthenticated requests to this path. Implement input validation and file type restrictions at the application or proxy level if possible. Monitor for suspicious file uploads targeting BaseHandler.ashx. Consider isolating affected InforCenter PLM instances from production networks or disabling the uploadFileToIIS function if not required for business operations. Escalate requests to Shandong Hoteam for a security patch and timeline; if unresponsive, evaluate alternative PLM solutions or implement compensating security controls (e.g., sandboxed execution, file upload scanning, access logging). References: https://vuldb.com/vuln/354450, https://vuldb.com/vuln/354450/cti
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17849
GHSA-m245-c8r9-78c2