File Upload Vulnerability in Corporate Training Management System Exposes Systems to Threats
CVE-2024-11984

Currently unrated

Key Information:

Vendor: Sunnet Technology Co., Ltd.
Status: Corporate Training Management System
Vendor: CVE Published:; 19 December 2024

🔔 Create Sunnet Technology Co., Ltd. Vulnerability Alert

What is CVE-2024-11984?

CVE-2024-11984 highlights a severe vulnerability found in the Corporate Training Management System prior to version 10.13. This vulnerability permits remote authenticated users to bypass existing file upload restrictions by exploiting an unrestricted file upload feature within the system's epaper draft function. As a result, attackers can upload specially crafted ZIP files, leading to potential execution of arbitrary system commands with SYSTEM-level privileges. Organizations using affected versions are strongly advised to upgrade to the latest version to mitigate this critical security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Corporate Training Management System 0

References

https://zuso.ai/advisory/za-2024-10

third-party-advisory

Timeline

Vulnerability published
Dec 19, 2024
Vulnerability Reserved
Nov 29, 2024

JSON

Sunnet Technology Co., Ltd.

What is CVE-2024-11984?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.