🔐 CVE Alert

CVE-2024-13984

UNKNOWN 0.0

Qi'anxin TianQing Management Center rptsvr Arbitrary File Upload

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename parameter in multipart form-data requests, enabling path traversal. This allows attackers to place executable files in web-accessible directories, potentially leading to remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC.

CWE: CWE-73, CWE-22
Vendor: qi'anxin
Product: tianqing management center
Published: Aug 27, 2025
Last Updated: May 14, 2026

Affected Versions

Qi'anxin / TianQing Management Center
* ≤ 6.7.0.4130

References

* cn-sec.com: https://cn-sec.com/archives/2421288.html
* blog.csdn.net: https://blog.csdn.net/maxiluo/article/details/135865584
* qianxin.com: https://www.qianxin.com/product/detail/pid/330
* vulncheck.com: https://www.vulncheck.com/advisories/qianxin-tianqing-management-center-arbitrary-file-upload

Credits

Lanyue Security Team