CVE-2024-48779
https://notcve.org/view.php?id=CVE-2024-48779
15 Oct 2024 — An issue in Wanxing Technology's Yitu Project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter, which specifies the directory from which the Qt plugin is loaded. • https://gist.github.com/zty-1995/3fcdf702017ad6721e5011f74c1f6cee
CVE-2024-48781
https://notcve.org/view.php?id=CVE-2024-48781
15 Oct 2024 — An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file /opt/EdrawProj-2/plugins/imageformat. • https://gist.github.com/zty-1995/a7948be24b3411759a6afa3cc616dc12 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-24122
https://notcve.org/view.php?id=CVE-2024-24122
02 Oct 2024 — A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder; after the system restarts, the constructed attack script executes automatically. • https://github.com/zty007666/Shenzhen-Yitu-Software-Yitu-Project-Management-Software/tree/0215da8db607824bc9523ce7532f8fc53ba1b40a/Remote%20Code%20Execution%20Vulnerability_02 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')