Dreamer CMS <=4.1.3.0 Path Traversal via ZipUtils.unZipFiles (Java) critical
CVE-2024-3311 Published on April 4, 2024
Dreamer CMS ThemesController.java ZipUtils.unZipFiles path traversal
A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259369 was assigned to this vulnerability.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2024-3311 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2024-3311
Want to know whenever a new CVE is published for Iteachyou Dreamer Cms? stack.watch will email you.
Affected Versions
Dreamer CMS:- Version 4.1.0 is affected.
- Version 4.1.1 is affected.
- Version 4.1.2 is affected.
- Version 4.1.3 is affected.
- Version 4.1.0 is affected.
- Version 4.1.1 is affected.
- Version 4.1.2 is affected.
- Version 4.1.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.