CVE-2024-3311 | Dreamer CMS up to 4.1.3.0 ThemesController.java ZipUtils.unZipFiles path traversal (I9BA5R)

Posted by Angelo Barbosa | Apr 4, 2024 | CVE

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal.

This vulnerability is known as CVE-2024-3311. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-3311 | Dreamer CMS up to 4.1.3.0 ThemesController.java ZipUtils.unZipFiles path traversal (I9BA5R)

Related Posts

CVE-2023-47677 | LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623 boa cross-site request forgery (TALOS-2023-1872)

CVE-2024-46705 | Linux Kernel up to 6.10.6 DRM Privilege Escalation (b1c9fbed3884/c7117419784f)

CVE-2024-42988 | CTFd up to 3.7.2 solves access control

CVE-2024-42017 | Atos Eviden iCare up to 2.7.11 Web Interface improper authentication