CVE-2024-24122

Oct. 4, 2024, 1:50 p.m.

None
No Score

Description

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script.

Product(s) Impacted

Product Versions
Yitu project
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://gist.github.com/zty-1995/effed155177edd7b22fdf2c082e32984
https://github.com/zty007666/Shenzhen-Yitu-Software-Yitu-Project-Management-Software/tree/0215da8db607824bc9523ce7532f8fc53ba1b40a/Remote%20Code%20Execution%20Vulnerability_02

Tags

cve@mitre.org
2024-10-02
CVE-2024-24122

Timeline

Published: Oct. 2, 2024, 6:15 p.m.
Last Modified: Oct. 4, 2024, 1:50 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.