CVE-2022-50973
Summary: CVE-2022-50973 affects Yonyou KSOA 9.0. The issue is an unauthenticated arbitrary file upload vulnerability in the com.sksoft.bill.ImageUpload servlet. Exploitation requires no authentication and relies on attacker-controlled filepath and filename parameters, with no validation of file t...
CVE-2023-7334 Changjetong T+ <= 16.x GetStoreWarehouseByStore Deserialization RCE
Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind.PriorityLevel,AppCode.ashx?method=GetStoreWarehouseByStore...