【Vulnerability Alert】Interinfo DreamMaker Arbitrary File Upload through Path Traversal
publish date :
2024-12-02
update date :
2024-12-02
Source: Ministry of education information & communication security contingency platform
| Publication Number | TACERT-ANA-2024120210124848 | Publication Time | 2024/12/02 10:37 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/12/02 10:37 |
| Impact Level | Medium | ||
| [Subject] 【Vulnerability Alert】Interinfo DreamMaker Arbitrary File Upload through Path Traversal |
|||
| [Content] Forwarded from TWCERTCC-200-202412-00000001 [Interinfo DreamMaker Arbitrary File Upload through Path Traversal](TVN-202411024, CVE-2024-11979, CVSS: 9.8) A Path Traversal vulnerability has been identified in Interinfo DreamMaker, where the file type upload restriction is not enforced. This allows unauthenticated remote attackers to exploit the vulnerability by uploading arbitrary files to any location, potentially including webshells, to execute arbitrary code. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] DreamMaker |
|||
| [Recommended Actions] Please contact the vendor for a patch. |
|||
| [Reference] 1. https://www.twcert.org.tw/tw/cp-132-8271-29871-1.html |
|||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center
