TVN ID | TVN-202411024 |
---|---|
CVE ID | CVE-2024-11979 |
CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products | DreamMaker before version 2024/09/06 |
Description | DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. |
Solution | Update to version 2024/09/06 or later. |
Credit | Vtim (DEVCORE) |
Public Date | 2024-11-29 |