go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

TEAMPLUS TECHNOLOGY Team+ - Arbitrary File Move through Path Traversal

TVN ID TVN-202410003
CVE ID CVE-2024-9923
CVSS 4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products Team+ v13.5.x
Description The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.
Solution Update to version v14.0.0 or later.
Credit Huding, Ginoah (DEVCORE)
Public Date 2024-10-14
Top