| ZUSOART ID |
ZA-2024-10 |
| CVE ID |
CVE-2024-11984 |
| Vulnerability Type |
CWE-434: Unrestricted Upload of File with Dangerous Type |
| CVSS 4.0 Base |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H (9.4) |
| Description |
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file. |
| Vendor |
SUNNET Technology Co., Ltd. |
| Product |
| Category |
Version affected |
| Corporate Training Management System |
Before 10.13 |
|
| Product Support |
Contact SUNNET Technology for version updates. |
| Release date |
2024/12/19 |
| Credit |
Yen Chun Shen (YC Shen) of ZUSO ART |
