Security Advisory

CVE-2024-24000

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-06 00:00:00
Last updated 2025-06-12 14:40:17
Assigner mitre
State PUBLISHED

Description

jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.
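
The two conditions in the description, shown as an added Java example that is not jshERP's code or part of the advisory: an upload path built by concatenating `biz` with no file-type check, beside a version that validates both. The upload root, the extension allowlist, and the class and method names are assumptions made for illustration.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;
// Added example: every name below is hypothetical, not taken from jshERP.
public class UploadPathCheck {
    // Assumed upload root, extension allowlist and biz naming rule.
    static final Path BASE = Paths.get("/srv/app/upload").toAbsolutePath().normalize();
    static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif", "pdf", "xlsx");
    static final Pattern SAFE_BIZ = Pattern.compile("[A-Za-z0-9_-]{1,32}");

    // Weak form: biz is concatenated into the path and the file type is never checked.
    static Path weakTarget(String biz, String fileName) {
        return Paths.get(BASE + "/" + biz + "/" + fileName).normalize();
    }

    // Hardened form: biz must be one plain directory name, the extension must be
    // allowlisted, and the resolved path must still sit under BASE.
    static Path safeTarget(String biz, String fileName) {
        if (biz == null || !SAFE_BIZ.matcher(biz).matches()) {
            throw new IllegalArgumentException("rejected biz value");
        }
        // Keep only the last element of the client-supplied file name.
        Path leafPath = fileName == null ? null
                : Paths.get(fileName.replace('\\', '/')).getFileName();
        if (leafPath == null) throw new IllegalArgumentException("missing file name");
        String leaf = leafPath.toString();
        int dot = leaf.lastIndexOf('.');
        String ext = dot < 0 ? "" : leaf.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IllegalArgumentException("rejected file type: " + ext);
        }
        Path target = BASE.resolve(biz).resolve(leaf).normalize();
        if (!target.startsWith(BASE)) {
            throw new IllegalArgumentException("path escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        // Constructed inputs: the same biz value against both forms.
        System.out.println(weakTarget("../../outside", "note.pdf")); // resolves outside BASE
        System.out.println(safeTarget("material", "photo.PNG"));     // stays under BASE
        try {
            safeTarget("../../outside", "note.pdf");
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

An extension allowlist is only one form of file-type check; it is used here because the description names the missing type check without saying how the type should be determined.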