xiweicheng TMS FileController.java upload unrestricted upload_CVE-2026-1061

{
    "lastseen": "",
    "description": "A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used.",
    "published": "2026-01-17T19:02:05.480Z",
    "modified": "2026-01-17T19:02:05.480Z",
    "type": "cve",
    "title": "xiweicheng TMS FileController.java upload unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.341629\nhttps://vuldb.com/?ctiid.341629\nhttps://vuldb.com/?submit.731240\nhttps://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md",
    "id": "CVE-2026-1061",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "xiweicheng TMS 2.0\nxiweicheng TMS 2.1\nxiweicheng TMS 2.2\nxiweicheng TMS 2.3\nxiweicheng TMS 2.4\nxiweicheng TMS 2.5\nxiweicheng TMS 2.6\nxiweicheng TMS 2.7\nxiweicheng TMS 2.8\nxiweicheng TMS 2.9\nxiweicheng TMS 2.10\nxiweicheng TMS 2.11\nxiweicheng TMS 2.12\nxiweicheng TMS 2.13\nxiweicheng TMS 2.14\nxiweicheng TMS 2.15\nxiweicheng TMS 2.16\nxiweicheng TMS 2.17\nxiweicheng TMS 2.18\nxiweicheng TMS 2.19\nxiweicheng TMS 2.20\nxiweicheng TMS 2.21\nxiweicheng TMS 2.22\nxiweicheng TMS 2.23\nxiweicheng TMS 2.24\nxiweicheng TMS 2.25\nxiweicheng TMS 2.26\nxiweicheng TMS 2.27\nxiweicheng TMS 2.28.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "TMS",
    "version": "2.0",
    "vendor": "xiweicheng",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}