Description
File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint.
References (1)
Core 1
Core References
Various Sources
https://gist.github.com/rodnt/90ac26fdf891e602f6f090d6aebce32d
Scores
CVSS v3
6.3
EPSS
0.0036
EPSS Percentile
27.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Published
Jun 26, 2024
Tracked Since
Feb 18, 2026