2 matches found
CVE-2024-35079
An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file...
CVE-2024-35080
Inxedu v2024.4 contains an arbitrary file upload vulnerability in the gok4 method that allows remote code execution by uploading a crafted .jsp file. CVE-2024-35080 is ranked CRITICAL (CVSS 3.1: 9.8) with network access, no authentication, and no user interaction required. The underlying issue is...