CVE-2024-46088

Summary

CVE-2024-46088 is a newly disclosed vulnerability affecting the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System. This issue permits attackers to upload malicious files arbitrarily, resulting in the execution of arbitrary code on the affected system. The vulnerability can be exploited to gain unauthorized access or perform unintended functions, posing a significant risk to the confidentiality, integrity, and availability of data. The affected versions of the CRM system include those from v2002 to v2024. It is recommended that users apply the necessary patches or upgrades to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.