Search criteria
1 vulnerability by Global IT Informatics Services Inc.
CVE-2026-6211 (GCVE-0-2026-6211)
Vulnerability from cvelistv5 – Published: 2026-06-12 14:10 – Updated: 2026-06-12 15:17
VLAI?
Title
Arbitrary File Upload in Global IT's WEOLL
Summary
Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects WEOLL: from 2.0.9 before 3.2.45.33.
Severity ?
8.7 (High)
CWE
- CWE-434 - Unrestricted upload of file with dangerous type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Global IT Informatics Services Inc. | WEOLL |
Affected:
2.0.9 , < 3.2.45.33
(custom)
|
Credits
Hamza Metin GERDAN
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-12T15:17:38.883745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T15:17:46.222Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WEOLL",
"vendor": "Global IT Informatics Services Inc.",
"versions": [
{
"lessThan": "3.2.45.33",
"status": "affected",
"version": "2.0.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hamza Metin GERDAN"
}
],
"datePublic": "2026-06-12T14:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects WEOLL: from 2.0.9 before 3.2.45.33.\u003c/p\u003e"
}
],
"value": "Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc. WEOLL allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects WEOLL: from 2.0.9 before 3.2.45.33."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted upload of file with dangerous type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T14:10:15.222Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0369"
}
],
"source": {
"advisory": "TR-26-0369",
"defect": [
"TR-26-0369"
],
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Upload in Global IT\u0027s WEOLL",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6211",
"datePublished": "2026-06-12T14:10:15.222Z",
"dateReserved": "2026-04-13T12:16:39.879Z",
"dateUpdated": "2026-06-12T15:17:46.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}