CVE-2024-3311

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Apr 4, 2024
Updated: Jun 4, 2024
CWE ID 77
CWE ID 79

Summary

CVE-2024-3311 is a newly disclosed critical vulnerability affecting Dreamer CMS up to version 4.1.3.0. The issue lies in the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java and allows path traversal. The vulnerability can be exploited remotely, which makes it a significant security risk. An exploit has been made public, increasing the potential for attacks. To mitigate the issue, upgrade to Dreamer CMS version 4.1.3.1. The vulnerability has been assigned the identifier VDB-259369.
