Home > Vulnerability Database > CVE-2024-3311

Mend.io Vulnerability Database

CVE-2024-3311

Good to know:

Date: April 4, 2024

A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259369 was assigned to this vulnerability.

Language: Java

Severity Score

6.3

Related Resources (7)

Url: https://vuldb.com/?submit.303874

Url: https://vuldb.com/?ctiid.259369

Url: https://gitee.com/iteachyou/dreamer_cms/releases/tag/Latest_Stable_Release_4.1.3.1

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-3311

Url: https://gitee.com/y1336247431/poc-public/issues/I9BA5R

Url: https://vuldb.com/?id.259369

Url: https://www.mend.io/vulnerability-database/CVE-2024-3311

Severity Score

6.3

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version 4.1.3.1

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-3311

Good to know:

Date: April 4, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?