CVE-2023-7334 in Changjetong Information
Summary
by MITRE • 01/16/2026
Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore with a malicious JSON body that leverages deserialization of attacker-controlled .NET types to invoke arbitrary methods such as System.Diagnostics.Process.Start. This can result in execution of arbitrary commands in the context of the T+ application service account. Exploitation evidence was observed by the Shadowserver Foundation as early as 2023-08-19 (UTC).
Analysis
by VulDB Data Team • 01/24/2026
The vulnerability CVE-2023-7334 represents a critical .NET deserialization flaw in Changjetong T+ versions 16.x and earlier, specifically affecting the AjaxPro endpoint at /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx. This vulnerability falls under the category of insecure deserialization as defined by CWE-502, where the application improperly handles deserialization of untrusted data. The affected endpoint processes JSON requests that contain serialized .NET objects, creating a pathway for remote attackers to execute arbitrary code on the target system. The vulnerability was actively exploited as early as August 19, 2023, according to Shadowserver Foundation reports, demonstrating its real-world threat level and the urgency of remediation efforts.
The technical exploitation of this vulnerability leverages the .NET deserialization process to load attacker-controlled types into memory, enabling the invocation of dangerous methods such as System.Diagnostics.Process.Start. The flaw arises because the application deserializes JSON payloads without validating or restricting the type information they contain. Attackers can craft requests that, when processed by the vulnerable endpoint, trigger the deserialization of malicious .NET objects. The attack chain typically involves sending a specially crafted JSON payload to the endpoint named in the vulnerability description, which then deserializes the data and executes the requested commands within the security context of the T+ application service account. Because the resulting code runs with whatever privileges that service account holds, the impact of the vulnerability is significantly amplified.
The operational impact of this vulnerability is severe as it provides attackers with complete remote code execution capabilities on systems running vulnerable Changjetong T+ versions. Since the exploitation occurs in the context of the application service account, attackers can potentially access sensitive business data, modify system configurations, install malware, or establish persistence mechanisms. The vulnerability affects enterprise environments where Changjetong T+ is deployed for business management and accounting purposes, potentially exposing financial data, customer information, and operational processes to compromise. The fact that this vulnerability was actively exploited in the wild demonstrates that threat actors are already leveraging this weakness, making immediate remediation essential for protecting against potential data breaches and system compromise.
Organizations should implement immediate mitigations, including applying the latest security patches from Changjetong if available, implementing network segmentation to restrict access to the vulnerable endpoint, and deploying web application firewalls to filter malicious requests. The ATT&CK framework categorizes this vulnerability under T1059.001 (Command and Scripting Interpreter: PowerShell) and T1566.001 (Phishing: Spearphishing Attachment), as attackers may use this vulnerability to execute commands and establish persistence. Additional defensive measures include monitoring for suspicious requests to the affected endpoint, implementing strict input validation for all JSON payloads, and conducting regular security assessments of enterprise applications. Organizations should also implement least-privilege access controls and ensure that the T+ application service account operates with the minimum permissions it requires, to limit the damage from a successful exploitation attempt.
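The monitoring and input-validation measures above, and the type-descriptor mechanism described in the analysis, can be combined into a single request-inspection routine of the kind a reverse proxy or WAF hook would apply to traffic bound for the affected handler. The following is an added example written for this page; it is not code from VulDB, MITRE or Changjetong. Only the endpoint path, the `method=GetStoreWarehouseByStore` parameter and the `System.Diagnostics.Process` type come from the advisory text; the allowlist contents, the sample requests, the `__type` key convention used for the JSON type descriptors and the function names (`inspect_request`, `scan`) are assumptions made for the example.

```python
"""
Added example (not from the advisory or the vendor): inspect captured HTTP
requests to the affected AjaxPro handler and flag JSON bodies that carry
type descriptors outside an explicit allowlist. A defender would wire
inspect_request() into a reverse proxy, WAF hook or log-replay job.
"""
import json
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

# Handler path named in the advisory, compared case-insensitively.
AFFECTED_HANDLER = "/tplus/ajaxpro/ufida.t.codebehind._prioritylevel,app_code.ashx"

# Types the handler is legitimately expected to receive. Constructed for the
# example; in a real deployment this comes from the application's own contract.
ALLOWED_TYPES = {"System.String", "System.Int32"}

# Type-name prefixes that must never appear in a request body; the advisory
# names Process.Start as the method attackers invoke.
DANGEROUS_PREFIXES = ("System.Diagnostics.Process",)


@dataclass
class Verdict:
    suspicious: bool
    reasons: list = field(default_factory=list)


def _type_descriptors(node):
    """Yield every '__type' value found anywhere in a parsed JSON document.
    (The '__type' key is the assumed convention for typed AjaxPro objects.)"""
    if isinstance(node, dict):
        t = node.get("__type")
        if isinstance(t, str):
            yield t
        for v in node.values():
            yield from _type_descriptors(v)
    elif isinstance(node, list):
        for v in node:
            yield from _type_descriptors(v)


def _base_type(descriptor):
    """Reduce 'Type, Assembly, Version=...' to the bare type name."""
    return descriptor.split(",", 1)[0].strip()


def inspect_request(http_method, url, body):
    """Return a Verdict for one captured request (method, URL, raw body)."""
    parts = urlsplit(url)
    reasons = []
    if parts.path.lower() != AFFECTED_HANDLER:
        return Verdict(False, reasons)
    reasons.append("request targets affected AjaxPro handler")
    ajax_method = parse_qs(parts.query).get("method", [""])[0]
    if ajax_method:
        reasons.append(f"ajaxpro method={ajax_method}")
    if http_method.upper() != "POST" or not body:
        return Verdict(False, reasons)  # hitting the path alone is not evidence
    try:
        doc = json.loads(body)
    except ValueError:  # json.JSONDecodeError is a ValueError
        reasons.append("body is not valid JSON")
        return Verdict(True, reasons)
    for desc in _type_descriptors(doc):
        base = _base_type(desc)
        if base.startswith(DANGEROUS_PREFIXES):
            reasons.append(f"dangerous type descriptor: {base}")
            return Verdict(True, reasons)
        if base not in ALLOWED_TYPES:
            reasons.append(f"type descriptor outside allowlist: {base}")
            return Verdict(True, reasons)
    return Verdict(False, reasons)


# Constructed sample traffic for the example; these are not real captures.
HANDLER_URL = ("/tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx"
               "?method=GetStoreWarehouseByStore")
SAMPLES = [
    ("POST", HANDLER_URL, '{"storeId": "S001"}'),                                   # benign
    ("POST", HANDLER_URL, '{"storeId": {"__type": "System.Int32, mscorlib", "value": 1}}'),  # allowlisted
    ("POST", HANDLER_URL, '{"storeId": {"__type": "System.Diagnostics.Process, System"}}'),  # flagged
    ("GET", "/tplus/login.aspx", ""),                                               # unrelated
]


def scan(samples=SAMPLES):
    """Map the index of each suspicious sample to the reasons it was flagged."""
    hits = {}
    for i, (m, u, b) in enumerate(samples):
        verdict = inspect_request(m, u, b)
        if verdict.suspicious:
            hits[i] = verdict.reasons
    return hits


if __name__ == "__main__":
    for i, reasons in scan().items():
        print(f"sample {i}: " + "; ".join(reasons))
```

The allowlist is the important design choice: denying only the type the advisory names would leave every other gadget type unaddressed, whereas rejecting any type descriptor the handler does not legitimately expect closes the whole class. The same check belongs in the application itself, since a proxy can be bypassed by encoding tricks that the real deserializer still understands.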