CVE-2026-4201 | glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393 SysFileController.java upload unrestricted upload

A vulnerability was found in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. It has been declared as critical. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com/glowxq/system/admin/controller/SysFileController.java. Executing a manipulation can lead to unrestricted upload.

This vulnerability is tracked as CVE-2026-4201. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4201 | glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393 SysFileController.java upload unrestricted upload

Post correlati

CVE-2025-9106 | Portabilis i-Diario up to 1.5.0 Informações Adicionais Page /planos-de-ensino-por-disciplina Parecer/Conteúdos/Objetivos cross site scripting

CVE-2024-10849 | desertthemes NewsMash Plugin up to 1.0.71 on WordPress Display Name cross site scripting

CVE-2024-0447 | ArtiBot Free Chat Bot Plugin up to 1.1.6 on WordPress Setting authorization

CVE-2024-6600 | Mozilla Firefox up to 127.x ANGLE allocation of resources