Date Posted: 2025/10/22
[Vulnerability Alert] Jayin Information | Pen-Yen Document Management System - Arbitrary File Upload
- Subject: [Vulnerability Alert] Jayin Information | Pen-Yen Document Management System - Arbitrary File Upload
- Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202510-00000013
- [Jayin Information | Pen-Yen Document Management System - Arbitrary File Upload] (CVE-2025-11948, CVSS: 9.8) The Pen-Yen Document Management System developed by Jayin Information has an Arbitrary File Upload vulnerability, allowing an unauthenticated remote attacker to upload and execute a web shell program, leading to arbitrary code execution on the server.
- Affected Platforms:
- Pen-Yen Document Management System
- Recommended Action:
- Please contact the vendor for an update
- Reference:
Computer and Communications Center
Network Systems Group
