CVE-2026-13547
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk20th percentile — higher than 20% of all known CVEs
Summary
A vulnerability was found in Hanwang e-Face General Management Platform 6.3.5.4, allowing unrestricted file upload. The issue affects the /manage/resourceUpload/upload.do endpoint, where manipulation of the File argument enables remote upload of arbitrary files. The exploit has been publicly disclosed and may be used.
Risk Assessment
The risk involves an attacker being able to remotely upload a malicious file (e.g., a webshell), potentially leading to server compromise and data breach.
Recommendation
Immediately update the platform to the latest version or apply the available patch. As a temporary measure, restrict access to the /manage/resourceUpload/upload.do endpoint and implement server-side file type validation.
Original NVD description (English source)
A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

