CVE-2024-46088

CRITICAL

Zhejiang University Entersoft CRM <2024 - RCE

Title source: llm

Description

An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code by uploading a crafted file.

Scores

CVSS v3 9.8
EPSS 0.0030
EPSS Percentile 52.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-434
Status published
Published Oct 11, 2024
Tracked Since Feb 18, 2026