What is CVE-2023-24836?

CVE-2023-24836 is a high-severity vulnerability in Sunnet Ctms, classified under Path Traversal. CVSS score: 8.8/10. Published 2023-04-27.

How severe is CVE-2023-24836?

High severity. CVSS v3 base score is 8.8 out of 10.

Path Traversal in Sunnet Ctms

CVE-2023-24836

SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to per…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.008 (73.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sunnet Ctms — versions 7.0 1227

Weakness classification (CWE)

CWE-22 — Path Traversal

References

www.twcert.org.tw/tw/cp-132-7033-878ab-1.html

Frequently asked questions

What is CVE-2023-24836?: CVE-2023-24836 is a high-severity vulnerability in Sunnet Ctms, classified under Path Traversal. CVSS score: 8.8/10. Published 2023-04-27.
How severe is CVE-2023-24836?: High severity. CVSS v3 base score is 8.8 out of 10.