CVE Published: 15/05/2024 |
CVE Updated: 02/08/2024 |
CVE Year: 2024 Source: icscert |
Vendor: CyberPower |
Product: PowerPanel business Status : PUBLISHED
CVE-2024-33615 Description
A specially crafted Zip file containing path traversal characters can be
imported to the
CyberPower PowerPanel
server, which allows file writing to the server outside
the intended scope, and could allow an attacker to achieve remote code
execution.
Metrics
CVSS Version: 3.1 |
Base Score: 8.8 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H