CVE-2024-56829

CVSS 3.1 Score 10 of 10 (high)

Details

Published Jan 2, 2025
Updated: Jan 6, 2025
CWE ID 434

Summary

CVE-2024-56829 is a newly disclosed vulnerability affecting the Huang Yaoshi Pharmaceutical Management Software before version 16.0. This issue permits attackers to arbitrarily upload files through a .asp filename in the UploadFile element of a SOAP request sent to the /XSDService.asmx endpoint. Successful exploitation could lead to serious consequences, including unauthorized system access and data breaches. Users are strongly advised to update their software to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share