CVE-2024-3311

Name of the Vulnerable Software and Affected Versions Dreamer CMS versions up to 4.1.3.0

Description A critical issue has been found, affecting the ZipUtils.unZipFiles function of the file controller/admin/ThemesController.java. This leads to path traversal and can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.

Recommendations For Dreamer CMS versions up to 4.1.3.0, upgrade to version 4.1.3.1 to address this issue. As a temporary workaround, consider disabling the ZipUtils.unZipFiles function until the patch is applied. Restrict access to the ThemesController.java file to minimize the risk of exploitation.