6.9
Unrestricted File Upload in Tsinghua Unigroup Electronic Archives System
CVE-2026-2684
Summary
A vulnerability in the Electronic Archives System allows an attacker to upload arbitrary files without restriction, including malicious ones. This could lead to data breaches or system compromise. Users should update to a fixed version or apply a patch once the vendor provides one.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| unigroup | electronic_archives_system | <= 3.2.210802(62532) | – |
Original title
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.htm...
Original description
A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
| Source | CVSS version | Score |
|---|---|---|
| nvd | 2.0 | 7.5 |
| nvd | 3.1 | 9.8 |
| nvd | 4.0 | 6.9 |
Vulnerability type
- CWE-284: Improper Access Control
- CWE-434: Unrestricted File Upload
- https://github.com/luoye197-prog/ziguang-fileupload (Broken Link)
- https://github.com/luoye197-prog/ziguang-fileupload/blob/main/introduce%26poc (Broken Link)
- https://vuldb.com/?ctiid.346475 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.346475 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.753973 (Third Party Advisory, VDB Entry)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026