CVE-2024-42676

File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component
Configurations

Configuration 1 (hide)

cpe:2.3:a:isellerpal:enterprise_resource_management_system:*:*:*:*:*:*:*:*

History

19 Aug 2024, 16:11

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de carga de archivos en el sistema de gestión de recursos empresariales Huizhi v.1.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través de /nssys/common/Upload. ¿Aspx? Action=DNPageAjaxPostBack component
References () https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZupload.md - () https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZupload.md - Exploit
CPE cpe:2.3:a:isellerpal:enterprise_resource_management_system:*:*:*:*:*:*:*:*
First Time Isellerpal enterprise Resource Management System
Isellerpal

15 Aug 2024, 16:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-434

15 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 14:15

Updated : 2024-08-19 16:11


NVD link : CVE-2024-42676

Mitre link : CVE-2024-42676

CVE.ORG link : CVE-2024-42676


JSON object : View

Products Affected

isellerpal

  • enterprise_resource_management_system
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type