go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Interinfo DreamMaker - Unrestricted File Upload through Path Traversal

TVN ID TVN-202411024
CVE ID CVE-2024-11979
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products DreamMaker before version 2024/09/06
Description DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells.
Solution Update to version 2024/09/06 or later.
Credit Vtim (DEVCORE)
Public Date 2024-11-29
Top