CVE-2026-5261 | Shandong Hoteam InforCenter PLM up to 8.3.8 /Base/BaseHandler.ashx uploadFileToIIS File unrestricted upload

Inserito da Angelo Barbosa | Mar 31, 2026 | CVE

A vulnerability marked as critical has been reported in Shandong Hoteam InforCenter PLM up to 8.3.8. The impacted element is the function uploadFileToIIS of the file /Base/BaseHandler.ashx. The manipulation of the argument File leads to unrestricted upload.

This vulnerability is traded as CVE-2026-5261. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5261 | Shandong Hoteam InforCenter PLM up to 8.3.8 /Base/BaseHandler.ashx uploadFileToIIS File unrestricted upload

Post correlati

CVE-2025-55367 | jshERP 3.5 SupplierController.java access control

CVE-2024-31244 | Bricksforge Plugin up to 2.0.17 on WordPress authorization

CVE-2024-57258 | DENEX U-Boot prior 2025.01-rc1 Memory Allocator integer overflow

CVE-2024-6861 | Foreman up to 3.2 GraphQL API information disclosure