PT-2024-31907 · Zhejiang University · Zhejiang University Entersoft Customer Resource Management System

Published

2024-10-11

·

Updated

2024-10-16

·

CVE-2024-46088

CVSS v3.1

9.8

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zhejiang University Entersoft Customer Resource Management System, versions v2002 through v2024

Description

An arbitrary file upload vulnerability in the ProductAction.entphone interface allows attackers to execute arbitrary code by uploading a crafted file. This issue poses a significant risk; updating to the latest version and following security best practices are crucial to protect affected systems.

Recommendations

For versions v2002 through v2024, update to the latest version and apply all recommended patches immediately to safeguard your systems. As a temporary workaround, consider restricting access to the ProductAction.entphone interface until a patch is available.

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

CVE-2024-46088

Affected Products

Zhejiang University Entersoft Customer Resource Management System