CVE-2024-3311
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Apr 4, 2024
Updated: Jun 4, 2024
CWE ID 77
CWE ID 79
Summary
CVE-2024-3311 is a newly disclosed critical vulnerability affecting Dreamer CMS up to version 4.1.3.0. The flaw is in the ZipUtils.unZipFiles function in the file controller/admin/ThemesController.java and allows path traversal. It can be exploited remotely, which makes it a significant security risk, and the exploit has been made public, which increases the potential for attacks. To mitigate the issue, upgrade to Dreamer CMS version 4.1.3.1. The vulnerability has also been assigned the identifier VDB-259369.