CVE-2024-11984
HIGH
Corporate Training Management System <10.13 - Command Injection
Title source: llm
Description
An unrestricted upload of file with dangerous type vulnerability in the epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file.
References (1)
Core References
Vendor Advisory third-party-advisory
https://zuso.ai/advisory/za-2024-10
Scores
CVSS v3: 8.8
EPSS: 0.0003
EPSS Percentile: 8.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-434
Status: published
Products (1)
SUNNET Technology Co., Ltd./Corporate Training Management System: < 10.13
Published: Dec 19, 2024
Tracked Since: Feb 18, 2026