CVE-2024-11984: SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type
First published: Thu Dec 19 2024(Updated: )
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file.
Credit: ART@zuso.ai
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sunnet eHDR CTMS | <10.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11984?
CVE-2024-11984 is classified as a critical vulnerability due to the ability to execute arbitrary system commands with SYSTEM privileges.
How do I fix CVE-2024-11984?
To fix CVE-2024-11984, upgrade the Corporate Training Management System to version 10.13 or later.
Who is affected by CVE-2024-11984?
CVE-2024-11984 affects all versions of the Corporate Training Management System prior to 10.13.
What type of attack is associated with CVE-2024-11984?
CVE-2024-11984 is associated with unrestricted file upload attacks that enable remote users to execute arbitrary commands.
Can CVE-2024-11984 be exploited by unauthenticated users?
No, CVE-2024-11984 requires remote authenticated users to exploit the vulnerability.
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sunnet
- canonical/sunnet ehdr ctms