MidnightBSD

Advisories for isellerpal

CVE-2024-42676

File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component

Products Affected

Vendor Product Version
isellerpal enterprise_resource_management_system *
CVE-2024-42677

An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component

Products Affected

Vendor Product Version
isellerpal enterprise_resource_management_system *