PT-2024-17382 · Unknown · Corporate Training Management System

Yen Chun Shen · Published 2024-12-19 · Updated 2024-12-24 · CVE-2024-11984

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Corporate Training Management System, versions prior to 10.13

Description: A vulnerability in the epaper draft function of the Corporate Training Management System allows remote authenticated users to bypass file upload restrictions and execute arbitrary system commands with SYSTEM privileges via a crafted ZIP file. The root cause is an unrestricted upload of files with dangerous types.

Recommendations: For versions prior to 10.13, update to version 10.13 or later to resolve the issue. As a temporary workaround, restrict access to the epaper draft function to minimize the risk of exploitation, and avoid using the epaper draft function until the update has been applied.
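The weakness described above is an upload path that accepts a ZIP archive and extracts its contents without restricting what those contents may be. The following is an added example, not the vendor's code, of how a server-side handler can validate an uploaded archive before extraction: an allowlist of content types, per-entry and total size limits, rejection of entries whose paths escape the extraction root, and a second check on the resolved path at extraction time. The allowed extensions, size limits and the sample archives are constructed assumptions for the demonstration.

```python
"""Allowlist-based validation of an uploaded ZIP archive before extraction.

Added example (not the vendor's code). It assumes the application writes the
archive contents into a per-draft content directory; ALLOWED_EXTENSIONS and
the size limits are illustrative policy values.
"""
import io
import os
import posixpath
import re
import tempfile
import zipfile

# Assumed policy for an e-paper draft: static content only, never executables or scripts.
ALLOWED_EXTENSIONS = {".html", ".htm", ".css", ".png", ".jpg", ".jpeg", ".gif", ".txt"}
MAX_ENTRY_BYTES = 5 * 1024 * 1024
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_ENTRIES = 500


def entry_problems(info: zipfile.ZipInfo) -> list:
    """Reasons a single archive entry must be rejected (empty list if acceptable)."""
    problems = []
    name = info.filename
    norm = posixpath.normpath(name.replace("\\", "/"))
    # Absolute paths, drive letters and parent-directory segments escape the extraction root.
    if posixpath.isabs(norm) or norm == ".." or norm.startswith("../") or re.match(r"^[A-Za-z]:", name):
        problems.append(f"{name}: path escapes extraction root")
    if info.is_dir():
        return problems
    ext = posixpath.splitext(norm)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        problems.append(f"{name}: extension {ext or '(none)'} not on allowlist")
    if info.file_size > MAX_ENTRY_BYTES:
        problems.append(f"{name}: declared size {info.file_size} exceeds per-file limit")
    # Unix mode bits live in the high 16 bits of external_attr; a symlink entry could point outside the root.
    if (info.external_attr >> 16) & 0o170000 == 0o120000:
        problems.append(f"{name}: symbolic link entries are not accepted")
    return problems


def validate_archive(data: bytes) -> list:
    """Validate the whole archive; an empty list means it may be extracted."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid ZIP archive"]
    with zf:
        infos = zf.infolist()
        problems = []
        if len(infos) > MAX_ENTRIES:
            problems.append(f"{len(infos)} entries exceeds limit of {MAX_ENTRIES}")
        total = sum(i.file_size for i in infos)
        if total > MAX_TOTAL_BYTES:
            problems.append(f"declared total size {total} exceeds archive limit")
        for info in infos:
            problems.extend(entry_problems(info))
        return problems


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only after validation passes; returns the paths written."""
    problems = validate_archive(data)
    if problems:
        raise ValueError("; ".join(problems))
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.realpath(os.path.join(root, info.filename))
            # Defence in depth: re-check the resolved path after joining with the root.
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"{info.filename}: resolved outside destination")
            with zf.open(info) as src:
                # Declared sizes can lie; enforce the limit on the actual decompressed bytes.
                payload = src.read(MAX_ENTRY_BYTES + 1)
            if len(payload) > MAX_ENTRY_BYTES:
                raise ValueError(f"{info.filename}: decompressed size exceeds per-file limit")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as dst:
                dst.write(payload)
            written.append(target)
    return written


def extract_to_temp(data: bytes) -> int:
    """Extract into a fresh temporary directory and return the number of files written."""
    with tempfile.TemporaryDirectory() as d:
        return len(safe_extract(data, d))


def build_zip(entries: dict) -> bytes:
    """Constructed sample archive for the demonstration (not real upload data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a benign draft, and one that mixes a traversal entry with a disallowed type.
GOOD_ZIP = build_zip({"index.html": "<h1>draft</h1>", "css/style.css": "body{}"})
BAD_ZIP = build_zip({"index.html": "<h1>draft</h1>", "../outside.txt": "x", "run.exe": "MZ"})

if __name__ == "__main__":
    print("good archive problems:", validate_archive(GOOD_ZIP))
    print("bad archive problems:", validate_archive(BAD_ZIP))
    print("files extracted from good archive:", extract_to_temp(GOOD_ZIP))
```

The check is deliberately an allowlist rather than a blocklist: a blocklist of "dangerous" extensions is exactly what crafted archive names tend to slip past, whereas an allowlist of the few static types a draft legitimately needs rejects everything else by default. Validation runs over the central directory before any bytes are written, and the resolved-path and decompressed-size checks at extraction time guard against a second archive being substituted or sizes being misreported.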

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-11984

Affected Products: Corporate Training Management System