CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11979 – Interinfo DreamMaker - Unrestricted File Upload through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11979
29 Nov 2024 — DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. • https://www.twcert.org.tw/en/cp-139-8272-13a13-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-11978 – Interinfo DreamMaker - Arbitrary File Reading through Path Traversal
https://notcve.org/view.php?id=CVE-2024-11978
29 Nov 2024 — DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. • https://www.twcert.org.tw/en/cp-139-8270-a56e6-2.html • CWE-36: Absolute Path Traversal •