CVE-2025-15240

High CVSS: 8.7

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Vendor

Quantatw

Product

Qoca Aim

CWE

CWE-434

Yayın Tarihi

2026-01-05 09:15:54

Güncelleme

2026-01-20 21:10:57

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-434 Qoca Aim HIGH Quantatw 2026

Referanslar

https://www.twcert.org.tw/en/cp-139-10616-cd942-2.html https://www.twcert.org.tw/tw/cp-132-10615-157a3-1.html

Benzer Kayıtlar

High

CVE-2025-15239

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticate…

High

CVE-2025-15235

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing auth…

Medium

CVE-2025-15236

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticat…

Medium

CVE-2025-15237

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticat…

High

CVE-2025-15238

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticate…