CVE-2024-46088

An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file.
Configurations

No configuration.

History

15 Oct 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de carga de archivos arbitrarios en la interfaz Zhejiang University Entersoft Customer Resource Management System v2002 a v2024 de la Universidad de Zhejiang permite a los atacantes ejecutar código arbitrario mediante la carga de un archivo manipulado específicamente para ello.

11 Oct 2024, 21:36

Type Values Removed Values Added
CWE CWE-434
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

11 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 16:15

Updated : 2024-10-15 12:58


NVD link : CVE-2024-46088

Mitre link : CVE-2024-46088

CVE.ORG link : CVE-2024-46088


JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type