TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center-Interinfo DreamMaker - Arbitrary File Reading through Path Traversal

Date:2024-11-29

Font-stze:

Interinfo DreamMaker - Arbitrary File Reading through Path Traversal

TVN ID	TVN-202411023
CVE ID	CVE-2024-11978
CVSS	7.5 (High) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products	DreamMaker before version 2024/09/26
Description	DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
Solution	Update to version 2024/09/26 or later.
Credit	Linwz (DEVCORE)
Public Date	2024-11-29