nvd-json-data-feeds/CVE-2024/CVE-2024-568xx/CVE-2024-56829.json

{
  "id": "CVE-2024-56829",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2025-01-02T04:15:05.557",
  "lastModified": "2025-01-06T21:15:15.300",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx."
    },
    {
      "lang": "es",
      "value": "Huang Yaoshi Pharmaceutical Management Software hasta la versi\u00f3n 16.0 permite la carga de archivos arbitrarios mediante un nombre de archivo .asp en el elemento fileName del elemento UploadFile en una solicitud SOAP a /XSDService.asmx."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@mitre.org",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@mitre.org",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Zerone0x00/CVE/blob/main/%E9%BB%84%E8%8D%AF%E5%B8%88%E8%8D%AF%E4%B8%9A%E7%AE%A1%E7%90%86%E8%BD%AF%E4%BB%B6/UploadFile%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/Zerone0x00/CVE/blob/main/%E9%BB%84%E8%8D%AF%E5%B8%88%E8%8D%AF%E4%B8%9A%E7%AE%A1%E7%90%86%E8%BD%AF%E4%BB%B6/UploadFile%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md",
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
    }
  ]
}