CVE Catalog

CVE-2026-13547

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

A vulnerability was found in Hanwang e-Face General Management Platform 6.3.5.4, allowing unrestricted file upload. The issue affects the /manage/resourceUpload/upload.do endpoint, where manipulation of the File argument enables remote upload of arbitrary files. The exploit has been publicly disclosed and may be used.

Risk Assessment

The risk involves an attacker being able to remotely upload a malicious file (e.g., a webshell), potentially leading to server compromise and data breach.

Recommendation

Immediately update the platform to the latest version or apply the available patch. As a temporary measure, restrict access to the /manage/resourceUpload/upload.do endpoint and implement server-side file type validation.

Original NVD description (English source)

A vulnerability was determined in Hanwang e-Face General Management Platform 6.3.5.4. This issue affects some unknown processing of the file /manage/resourceUpload/upload.do. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS