{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T13:19:40.887","vulnerabilities":[{"cve":{"id":"CVE-2023-7334","sourceIdentifier":"disclosure@vulncheck.com","published":"2026-01-15T22:16:10.180","lastModified":"2026-01-23T19:51:22.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Changjetong T+ versions up to and including 16.x contain a .NET deserialization vulnerability in an AjaxPro endpoint that can lead to remote code execution. A remote attacker can send a crafted request to /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore with a malicious JSON body that leverages deserialization of attacker-controlled .NET types to invoke arbitrary methods such as System.Diagnostics.Process.Start. This can result in execution of arbitrary commands in the context of the T+ application service account. Exploitation evidence was observed by the Shadowserver Foundation as early as 2023-08-19 (UTC)."},{"lang":"es","value":"Las versiones de Changjetong T+ hasta la 16.x inclusive contienen una vulnerabilidad de deserialización de .NET en un endpoint de AjaxPro que puede conducir a la ejecución remota de código. Un atacante remoto puede enviar una solicitud manipulada a /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore con un cuerpo JSON malicioso que aprovecha la deserialización de tipos .NET controlados por el atacante para invocar métodos arbitrarios como System.Diagnostics.Process.Start. Esto puede resultar en la ejecución de comandos arbitrarios en el contexto de la cuenta de servicio de la aplicación T+. La Shadowserver Foundation observó evidencia de explotación tan pronto como el 19 de agosto de 2023 (UTC)."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chanjetvip:t\\+:*:*:*:*:*:*:*:*","versionEndIncluding":"16.000.000.0283","matchCriteriaId":"4A757EDD-1A0D-44F5-A755-70279012DBFB"}]}]}],"references":[{"url":"https://blog.csdn.net/qq_53003652/article/details/134031230","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://blog.csdn.net/u010025272/article/details/131553591","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/MD-SEC/MDPOCS/blob/main/ChangJieTongTPlus_GetStoreWarehouseByStore_Rce_Poc.py","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://www.chanjetvip.com/product/goods/detail?id=6077e91b70fa071069139f62","source":"disclosure@vulncheck.com","tags":["Release Notes"]},{"url":"https://www.freebuf.com/articles/web/381731.html","source":"disclosure@vulncheck.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.vulncheck.com/advisories/changjetong-tplus-getstorewarehousebystore-deserialization-rce","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://www.freebuf.com/articles/web/381731.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}