Approved changes feed: RSS · Atom

cpe:2.3:a:digiwin:erp:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorDigiwin (18dbde5d-3a25-581d-bda3-d32fc7ff848a)
ProductErp (5a74e7c1-b612-5165-93b7-c45e36c5192d)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2025-2706 vulnerable 2026-06-08 07:16:58.107886 Digiwin ERP UploadAjaxAPI.ashx unrestricted upload
MEDIUM (6.3)
A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-03-24T18:31:03.890Z
Updated: 2025-03-24T19:31:04.860Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-2705 vulnerable 2026-06-08 07:16:58.107479 Digiwin ERP FileUploadApi.ashx DoWebUpload unrestricted upload
HIGH (7.3)
A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2025-03-24T16:00:07.614Z
Updated: 2025-03-24T18:02:49.037Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.