Vulnerabilities

Update: CVE-2023-7334 - Changjetong T+ <= 16.x getstorewarehousebystore deserialization rce

2026-01-15 0 views admin

CVE ID : CVE-2023-7334 Published : Jan. 15, 2026, 9:44 p.m. | 25 minutes ago Description : Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore with a malicious JSON body that leverages deserialization of attacker-controlled .NET types to invoke arbitrary methods such as System.Diagnostics.Process.Start. This can result in execution of arbitrary commands in the context of the T+ application service account. Exploitation evidence was observed by the Shadowserver Foundation on 2023-08-19 (UTC). Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2023-7334

Severity

CRITICAL

Published

Jan. 15, 2026

Impact: remote code execution

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2023-7334critical

Update: CVE-2023-7334 - Changjetong T+ <= 16.x getstorewarehousebystore deserialization rce

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-21903 - Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash - Guide

- Eclipse Vert.x Web static handler file access denial CVE-2026-1002

Breaking: CVE-2026-0203 - Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart

CVE-2025-70893 - PHPGurukul Cyber Cafe Management System SQL Injection

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3