CVE-2026-4220 | Technologies Integrated Management Platform 7.17.0 /SetWebpagePic.jsp targetPath/Suffix unrestricted upload

Inserito da Angelo Barbosa | Mar 15, 2026 | CVE

A vulnerability identified as critical has been detected in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argument targetPath/Suffix leads to unrestricted upload.

This vulnerability is listed as CVE-2026-4220. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4220 | Technologies Integrated Management Platform 7.17.0 /SetWebpagePic.jsp targetPath/Suffix unrestricted upload

Post correlati

CVE-2024-2872 | WP-FeedStats socialdriver-framework Plugin 2024.0.0 on WordPress Setting cross site scripting

CVE-2024-24797 | G5Theme ERE Recently Viewed Plugin up to 1.3 on WordPress deserialization

CVE-2024-57685 | SparkShop up to 1.1.7 Phar File Privilege Escalation

CVE-2024-31404 | Cybozu Garoon up to 6.0.0 Scheduler information disclosure