|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-06-11 | |
| Rule Name: | Joinf ERP Arbitrary File Upload Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Joinf ERP is an enterprise resource planning software tailored for the foreign trade industry, there is an arbitrary file UploadEmailAttr vulnerability in UploadEmailAttr interface. Through this vulnerability, an attacker without identity can execute code arbitrarily on the server side, write the back door, obtain the server permission, and then control the whole web server. | |
| Impact: | Attackers can upload viruses, Trojans, WebShell, other malicious scripts or pictures containing scripts to the server, and attackers can use these files for subsequent attacks. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |