Vulnerabilities > Diaowen > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-01 | CVE-2023-40980 | Unrestricted Upload of File with Dangerous Type vulnerability in Diaowen Dwsurvey 1.0/3.2.0 File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | 9.8 |
| 2022-03-20 | CVE-2021-39383 | Code Injection vulnerability in Diaowen Dwsurvey 3.2.0 DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | 9.8 |
| 2022-03-20 | CVE-2021-39384 | Unrestricted Upload of File with Dangerous Type vulnerability in Diaowen Dwsurvey 3.2.0 DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | 9.8 |