Description

An attacker can obtain server information using a Path Traversal vulnerability to conduct SQL Injection, which possibly exploits an Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux. This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

PUBLISHED Reserved 2025-09-26 | Published 2025-10-02 | Updated 2025-10-02 | Assigner FSI




HIGH: 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

HIGH: 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1
affected

V5.*.*
affected

Credits

arang (유재욱, Jaewook You), finder

References

www.markany.com/...MarYchq0uP5V1DiSQyKKVLdZPJNYaAiBuEALw_wcB

cve.org (CVE-2025-11020)

nvd.nist.gov (CVE-2025-11020)
