Back to search
CVE-2024-11984
Published: Dec 19, 2024
Modified: Dec 20, 2024
PUBLISHED
Description
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file.
| Vendor | Product | Versions |
|---|---|---|
SUNNET Technology Co., Ltd. | Corporate Training Management System | affected 0 - < 10.13 |
Weaknesses (CWE)
References
https://zuso.ai/advisory/za-2024-10
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now