CVE-2024-11979

Published: Nov 29, 2024Modified: Nov 29, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://www.twcert.org.tw/en/cp-139-8272-13a13-2.html

Source: twcert@cert.org.tw

https://www.twcert.org.tw/tw/cp-132-8271-29871-1.html

Source: twcert@cert.org.tw

Timeline

No history available yet.