CVE-2024-11979

{"id": "CVE-2024-11979", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-29T03:15:15.653", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-8272-13a13-2.html", "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-8271-29871-1.html", "source": "twcert@cert.org.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells."}, {"lang": "es", "value": "DreamMaker de Interinfo tiene una vulnerabilidad de Path Traversal y no restringe los tipos de archivos cargados. Esto permite que atacantes remotos no autenticados carguen archivos arbitrarios en cualquier directorio, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario al cargar webshells."}], "lastModified": "2024-11-29T03:15:15.653", "sourceIdentifier": "twcert@cert.org.tw"}