{
  "id": "CVE-2024-24000",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-06T16:15:52.317",
  "lastModified": "2024-02-06T17:52:56.963",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24000.txt",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/jishenghua/jshERP",
      "source": "cve@mitre.org"
    }
  ]
}