First published: Fri May 24 2024(Updated: )
An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tongda OA |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-35595 is considered a high severity vulnerability due to its potential for arbitrary code execution.
To fix CVE-2024-35595, apply the latest security patches for Xintongda OA and ensure that file upload validation is implemented properly.
CVE-2024-35595 is classified as an arbitrary file upload vulnerability which allows attackers to execute malicious code.
CVE-2024-35595 affects the Xintongda OA software version 2023.12.30.1.
Yes, CVE-2024-35595 can lead to data breaches if an attacker successfully uploads a malicious file that executes arbitrary code.