PT-2024-30101 · Huizhi · Huizhi
Published 2024-08-15 · Updated 2024-11-18
CVE-2024-42676
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Huizhi enterprise resource management system, version 1.0 and earlier
Description
A remote attacker can execute arbitrary code via the "/nssys/common/Upload.aspx?Action=DNPageAjaxPostBack" component. This is a file upload vulnerability, which can lead to severe data exposure.
Recommendations
For Huizhi enterprise resource management system version 1.0 and earlier, patch immediately and review uploaded files for malware. Limit file upload permissions to minimize the risk of exploitation. As a temporary workaround, consider restricting access to the "/nssys/common/Upload.aspx" endpoint until a patch is available.
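To decide which hosts and time windows to review for uploaded files, the web server logs can be searched for requests to the affected component. The following is an added example, not part of the advisory or the vendor's code: it assumes the application is served by IIS with W3C extended logging, and the function name and the sample log lines are constructed for illustration.

```python
from urllib.parse import parse_qs

# Path and Action value as given in the advisory description, lower-cased
# because IIS paths and ASP.NET query keys are case-insensitive. Matching the
# Action value case-insensitively is an assumption that widens the search.
ENDPOINT = "/nssys/common/upload.aspx"
ACTION = "dnpageajaxpostback"

# Constructed sample log in W3C extended format; not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-08-20 09:14:02 GET /nssys/login.aspx - 198.51.100.7 200
2024-08-20 09:14:31 POST /nssys/common/Upload.aspx Action=DNPageAjaxPostBack 198.51.100.7 200
2024-08-20 09:15:10 POST /NSSYS/Common/upload.aspx action=dnpageajaxpostback&x=1 203.0.113.9 403
2024-08-20 09:16:44 GET /nssys/common/Upload.aspx Action=View 192.0.2.15 200
"""

def find_upload_requests(log_text):
    """Return one dict per logged request to the affected component."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the header can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        rec = dict(zip(fields, values))
        if rec.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        query = parse_qs(rec.get("cs-uri-query", "").lower())
        if ACTION not in query.get("action", []):
            continue
        hits.append({
            "when": f"{rec.get('date', '')} {rec.get('time', '')}".strip(),
            "method": rec.get("cs-method", ""),
            "client": rec.get("c-ip", ""),
            "status": rec.get("sc-status", ""),
        })
    return hits

if __name__ == "__main__":
    for hit in find_upload_requests(SAMPLE_LOG):
        print(hit)
```

Entries with a 2xx status give the timestamps around which to look for newly written files on the server.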
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Huizhi