CVE-2023-7334 in Changjetong Informationinfo

Zusammenfassung

von MITRE • 16.01.2026

Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore with a malicious JSON body that leverages deserialization of attacker-controlled .NET types to invoke arbitrary methods such as System.Diagnostics.Process.Start. This can result in execution of arbitrary commands in the context of the T+ application service account. Exploitation evidence was observed by the Shadowserver Foundation as early as 2023-08-19 (UTC).

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

15.01.2026

Veröffentlichung

16.01.2026

Moderieren

akzeptiert

Eintrag

VDB-341479

CPE

bereit

CWE

CWE-502 (bestätigt)

CVSS

9.8 (NVD)

EPSS

0.00417

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-7334
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-7334
CVE Details	https://www.cvedetails.com/cve/CVE-2023-7334/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!