CVE Details: CVE-2024-9923

Description

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.

Published Date: 2024-10-14
Last Modified Date: 2024-10-15
Severity: MEDIUM
CVSS v3 Score: 4.9
CWE ID: CWE-23
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

Back to CVE List