VYPR

ERP

by Digiwin

CVEs (2)

  • CVE-2025-2705HigMar 24, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The…

  • CVE-2025-2706MedMar 24, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely.…