CVE-2024-56829
CVSS 3.1 Score 10 of 10 (high)
Details
Published Jan 2, 2025
Updated: Jan 6, 2025
CWE ID 434
Summary
CVE-2024-56829 is a newly disclosed vulnerability affecting the Huang Yaoshi Pharmaceutical Management Software before version 16.0. This issue permits attackers to arbitrarily upload files through a .asp filename in the UploadFile element of a SOAP request sent to the /XSDService.asmx endpoint. Successful exploitation could lead to serious consequences, including unauthorized system access and data breaches. Users are strongly advised to update their software to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Pharmaceutical Management Software