CVE-2023-7334
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| changjetong | t+ | up to 16.x (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-7334 is a critical remote code execution vulnerability in Changjetong T+ versions up to 16.x. It occurs due to unsafe deserialization of attacker-controlled .NET objects in an AjaxPro endpoint. An attacker can send a specially crafted JSON request to the endpoint /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore, which deserializes the malicious data and allows execution of arbitrary commands, such as launching processes via System.Diagnostics.Process.Start. This leads to remote code execution with the privileges of the T+ application service account. [3]
How can this vulnerability impact me?
This vulnerability can allow a remote attacker to execute arbitrary commands on the affected system without any authentication or user interaction. This can lead to full compromise of the system running Changjetong T+, including unauthorized access, data theft, system manipulation, or disruption of services. Since the commands run with the T+ application service account privileges, the attacker may gain significant control over the affected environment. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for malicious requests sent to the vulnerable endpoint `/tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore` with suspicious JSON payloads that attempt .NET deserialization. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such requests. Additionally, reviewing web server logs for POST requests to this endpoint with unusual or large JSON bodies may help identify exploitation attempts. Using the publicly available proof-of-concept exploit script (Resource 4) can assist in testing detection capabilities. Specific commands depend on your environment, but examples include using `curl` to simulate requests or `grep` to search logs, e.g.: `grep '/tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore' /var/log/nginx/access.log` or `tail -f /var/log/httpd/access_log | grep 'GetStoreWarehouseByStore'`. [3, 4]
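A defender-side log check for the detection approach described above, added here as an example; it is not part of this record or of any vendor or resource material. It assumes web-server logs in the Apache/nginx "combined" format and uses constructed sample lines; the endpoint string is the one named in the record.

```python
import re
from urllib.parse import unquote

# Request target named in this CVE record. The application runs on IIS, so the
# comparison is done case-insensitively after percent-decoding.
VULN_PATH = "/tplus/ajaxpro/ufida.t.codebehind._prioritylevel,app_code.ashx"
VULN_METHOD = "method=getstorewarehousebystore"

# Apache/nginx "combined" log format (assumption). The trailing size field is
# the response size; request body length is only available if the log format
# records it (e.g. nginx's $request_length), so it is not used as a signal here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Jan/2026:10:01:02 +0000] "GET /tplus/login.aspx HTTP/1.1" 200 512
203.0.113.9 - - [15/Jan/2026:10:02:40 +0000] "POST /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel%2CApp_Code.ashx?method=GetStoreWarehouseByStore HTTP/1.1" 200 8123
198.51.100.2 - - [15/Jan/2026:10:03:11 +0000] "GET /tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore HTTP/1.1" 200 97
"""


def targets_vuln_endpoint(target: str) -> bool:
    """True if the request target is the AjaxPro endpoint from the record."""
    t = unquote(target).lower()
    return VULN_PATH in t and VULN_METHOD in t


def scan_log(text: str) -> list:
    """Return one finding per request to the endpoint. AjaxPro method calls are
    POSTed JSON, so a POST gets 'review' priority; anything else is 'info'."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not targets_vuln_endpoint(m.group("target")):
            continue
        verb = m.group("verb")
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "verb": verb,
            "status": m.group("status"),
            "priority": "review" if verb == "POST" else "info",
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Percent-decoding matters because the comma in the handler name may be logged as `%2C`, which a plain `grep` for the literal path would miss.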
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the latest security patches or updates provided by the vendor that address deserialization vulnerabilities and other security hardening measures, as detailed in the T+ Exclusive Cloud 16.0 patch package (Resource 2). If patching is not immediately possible, restrict access to the vulnerable endpoint by implementing network-level controls such as firewall rules or WAF rules to block or monitor requests to `/tplus/ajaxpro/Ufida.T.CodeBehind._PriorityLevel,App_Code.ashx?method=GetStoreWarehouseByStore`. Additionally, monitor logs for suspicious activity and consider disabling or restricting the affected service until a patch can be applied. [2, 3]