EUVD-2026-12355
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
An unrestricted file upload vulnerability exists in Technologies Integrated Management Platform version 7.17.0 that allows remote attackers to upload malicious files without authentication through the /SetWebpagePic.jsp endpoint by manipulating the targetPath/Suffix parameters. A public proof-of-concept exploit is available, though the vulnerability is not currently in CISA's Known Exploited Vulnerabilities catalog, making this a confirmed exploitable vulnerability with demonstrated attack code that could lead to unauthorized file uploads and potential remote code execution.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all instances of Technologies Integrated Management Platform v7.17.0 in your environment and assess exposure to untrusted networks. Within 7 days: Implement network-level restrictions to the /SetWebpagePic.jsp endpoint and deploy WAF rules to block suspicious file uploads; consider disabling the webpage picture upload feature if non-critical. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today