CVE-2026-6835

MEDIUM WAF: Medium

CVSS 6.1 Published: 2026-04-22

CWE-434

The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result in a XSS-like effect.

WAF Coverage Analysis

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

References

www.twcert.org.tw
www.twcert.org.tw

Back to CVE Database