4 matches found
CVE-2024-24000
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths...
CVE-2024-24000
creationtimestamp| type| source ---|---|--- 2024-02-06 17:31:58+00:00| seen| https://t.me/ctinow/180161 2024-03-01 10:46:19+00:00| seen| https://t.me/ctinow/197489...
CVE-2024-24000
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths...
CVE-2024-24000
CVE-2024-24000 affects jshERP v3.3. The vulnerability arises in the jshERP-boot/systemConfig/upload endpoint, which does not validate the uploaded file type and allows the biz parameter to be spliced into the upload path, enabling arbitrary file uploads with controllable paths. Reported impact is...