CVE-2023-24836

SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sun.net:ctms:7.0_1227:*:*:*:*:*:*:*

History

21 Nov 2024, 07:48

Type Values Removed Values Added
References () https://www.twcert.org.tw/tw/cp-132-7033-878ab-1.html - Third Party Advisory () https://www.twcert.org.tw/tw/cp-132-7033-878ab-1.html - Third Party Advisory

Information

Published : 2023-04-27 02:15

Updated : 2024-11-21 07:48


NVD link : CVE-2023-24836

Mitre link : CVE-2023-24836

CVE.ORG link : CVE-2023-24836


JSON object : View

Products Affected

sun.net

  • ctms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')