{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1061", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-16T19:09:09.143Z", "datePublished": "2026-01-17T19:02:05.480Z", "dateUpdated": "2026-02-23T08:33:50.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:33:50.345Z"}, "title": "xiweicheng TMS FileController.java upload unrestricted upload", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "Unrestricted Upload"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "xiweicheng", "product": "TMS", "versions": [{"version": "2.0", "status": "affected"}, {"version": "2.1", "status": "affected"}, {"version": "2.2", "status": "affected"}, {"version": "2.3", "status": "affected"}, {"version": "2.4", "status": "affected"}, {"version": "2.5", "status": "affected"}, {"version": "2.6", "status": "affected"}, {"version": "2.7", "status": "affected"}, {"version": "2.8", "status": "affected"}, {"version": "2.9", "status": "affected"}, {"version": "2.10", "status": "affected"}, {"version": "2.11", "status": "affected"}, {"version": "2.12", "status": "affected"}, {"version": "2.13", "status": "affected"}, {"version": "2.14", "status": "affected"}, {"version": "2.15", "status": "affected"}, {"version": "2.16", "status": "affected"}, {"version": "2.17", "status": "affected"}, {"version": "2.18", "status": "affected"}, {"version": "2.19", "status": "affected"}, {"version": "2.20", "status": "affected"}, {"version": "2.21", "status": "affected"}, {"version": "2.22", "status": "affected"}, {"version": "2.23", "status": "affected"}, {"version": "2.24", "status": "affected"}, {"version": "2.25", "status": "affected"}, {"version": "2.26", "status": "affected"}, {"version": "2.27", "status": "affected"}, {"version": "2.28.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-16T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-18T00:39:03.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "youran (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.341629", "name": "VDB-341629 | xiweicheng TMS FileController.java upload unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341629", "name": "VDB-341629 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731240", "name": "Submit #731240 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Unrestricted Upload", "tags": ["third-party-advisory"]}, {"url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-21T16:30:52.708751Z", "id": "CVE-2026-1061", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T16:31:01.859Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1061", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-21T16:30:52.708751Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-21T16:30:58.589Z"}}], "cna": {"title": "xiweicheng TMS FileController.java upload unrestricted upload", "credits": [{"lang": "en", "type": "reporter", "value": "youran (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "xiweicheng", "product": "TMS", "versions": [{"status": "affected", "version": "2.0"}, {"status": "affected", "version": "2.1"}, {"status": "affected", "version": "2.2"}, {"status": "affected", "version": "2.3"}, {"status": "affected", "version": "2.4"}, {"status": "affected", "version": "2.5"}, {"status": "affected", "version": "2.6"}, {"status": "affected", "version": "2.7"}, {"status": "affected", "version": "2.8"}, {"status": "affected", "version": "2.9"}, {"status": "affected", "version": "2.10"}, {"status": "affected", "version": "2.11"}, {"status": "affected", "version": "2.12"}, {"status": "affected", "version": "2.13"}, {"status": "affected", "version": "2.14"}, {"status": "affected", "version": "2.15"}, {"status": "affected", "version": "2.16"}, {"status": "affected", "version": "2.17"}, {"status": "affected", "version": "2.18"}, {"status": "affected", "version": "2.19"}, {"status": "affected", "version": "2.20"}, {"status": "affected", "version": "2.21"}, {"status": "affected", "version": "2.22"}, {"status": "affected", "version": "2.23"}, {"status": "affected", "version": "2.24"}, {"status": "affected", "version": "2.25"}, {"status": "affected", "version": "2.26"}, {"status": "affected", "version": "2.27"}, {"status": "affected", "version": "2.28.0"}]}], "timeline": [{"lang": "en", "time": "2026-01-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-16T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-18T00:39:03.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.341629", "name": "VDB-341629 | xiweicheng TMS FileController.java upload unrestricted upload", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.341629", "name": "VDB-341629 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.731240", "name": "Submit #731240 | https://gitee.com/xiweicheng/tms/ Merchant Mall - Mall Development/TMS 1.0 Unrestricted Upload", "tags": ["third-party-advisory"]}, {"url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "Unrestricted Upload"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:33:50.345Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1061", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:33:50.345Z", "dateReserved": "2026-01-16T19:09:09.143Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-17T19:02:05.480Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xiweicheng:teamwork_management_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "836FAB89-E919-491F-B9A9-E0B41BB67E77", "versionEndIncluding": "2.28.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en xiweicheng TMS hasta 2.28.0. Afectada por este problema es la funci\u00f3n Upload del archivo src/main/java/com/lhjz/portal/controller/FileController.java. La manipulaci\u00f3n del argumento filename resulta en una carga sin restricciones. El ataque puede realizarse de forma remota. El exploit ahora es p\u00fablico y puede ser utilizado."}], "id": "CVE-2026-1061", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-17T19:15:51.140", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/bkglfpp/CVE-md/blob/main/%E5%95%86%E6%88%B7%E5%95%86%E5%9F%8E%E2%80%94%E5%95%86%E5%9F%8E%E5%BC%80%E5%8F%91tms/%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.341629"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.341629"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.731240"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T05:33:35.549218+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of xiweicheng TMS that includes input validation or limits for file uploads, or apply the vendor's official patch if available.", "Restrict the upload handler to accept only approved MIME types and file extensions, and enforce size limits on uploaded content.", "Configure file system permissions so that uploaded files cannot be executed, and isolate the upload directory from the web root.", "Monitor the upload endpoint for anomalous activity and enforce rate limiting to mitigate abuse."], "summary": {"action": "Apply Patch", "impact": "Unrestricted file upload allows remote content placement"}, "threat_synthesis": {"affected_systems": "The vulnerability affects xiweicheng TMS versions up to and including 2.28.0. Users operating any supported release of the TMS product prior to a corrected version are at risk. No specific subcomponents beyond the FileController were identified as affected.", "description_and_impact": "The upload endpoint in xiweicheng TMS is vulnerable to unrestricted file uploads due to insufficient filename validation. An attacker can submit a crafted filename and payload, causing the server to store the file without restricting type or size. This flaw is aligned with CWE\u2011284 (Improper Access Control) and CWE\u2011434 (Unrestricted Upload of File with Dangerous Type). If the uploaded file is executable or contains a malicious script, it could result in remote code execution, data tampering, or web defacement.", "risk_and_exploitability": "With a CVSS score of 5.3 the issue is of moderate severity, and the EPSS score of less than 1\u202f% indicates a low incidence of exploitation in the wild. The problem is not listed in the CISA KEV catalog. The attack vector is remote; an attacker merely needs to transmit a malicious file to the upload endpoint. Because the system accepts arbitrary filenames and file types, a successful upload could allow later execution or compromise of the web application, meaning that the risk remains significant despite the low EPSS."}}}}, "created": "2026-01-19T09:19:11.653568+00:00", "updated": "2026-04-18T05:45:38.164939+00:00", "vendors": ["xiweicheng", "xiweicheng$PRODUCT$tms"]}