CVE-2024-9923

Name of the Vulnerable Software and Affected Versions Team+ versions 13.5.x

Description The issue arises from the improper validation of a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them. This can lead to unauthorized data access.

Recommendations For version 13.5.x, apply the available patch to fix the issue and monitor for potential exploit development. Assess exposure and apply defense-in-depth measures to minimize the risk of exploitation. As a temporary workaround, consider restricting access to sensitive system files and directories until the patch is applied.