PT-2024-5084 · Siemens · Sinema Remote Connect Server
Published: 2024-07-09 · Updated: 2024-09-09 · CVE-2024-39865
CVSS v2.0: 9.0 (High)
CVSS v2.0 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
SINEMA Remote Connect Server versions prior to V3.2 SP1
Description:
A vulnerability has been identified in the SINEMA Remote Connect Server: users can upload encrypted backup files, and the server restores them without correctly checking the path of each restored file. An attacker who holds the backup encryption key could therefore upload a crafted backup that writes malicious files outside the intended restore location, potentially leading to remote code execution. The weakness is an unrestricted upload of dangerous file types, which a remote attacker can exploit to execute arbitrary code using a specially crafted file.
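The weakness described above is the missing containment check on restored paths. The following is an added example, not Siemens code and not taken from the product: a generic hardened restore routine that resolves every archive member against the restore directory and refuses anything that would land outside it. The archive format (tar), the directory layout and the member names are constructed assumptions for illustration only.

```python
"""Added example (not Siemens code): path-containment check for a backup restore.

A restore routine that joins each archived name onto the destination directory
without validation can be made to write anywhere the service user can write.
This version resolves every member path and keeps only those that stay inside
the restore root. Archive format, paths and sample content are constructed.
"""
import io
import os
import tarfile
import tempfile


def is_contained(dest_root: str, member_name: str) -> bool:
    """Return True only if member_name, joined to dest_root, stays inside it.

    Rejects absolute names (os.path.join would discard dest_root for them) and
    any '..' sequence that climbs above the root once the path is normalised.
    """
    root = os.path.realpath(dest_root)
    if os.path.isabs(member_name):
        return False
    target = os.path.realpath(os.path.join(root, member_name))
    return os.path.commonpath([root, target]) == root


def restore_backup(archive_bytes: bytes, dest_root: str) -> list[str]:
    """Extract only regular files whose paths stay inside dest_root.

    Symlinks, devices and directories in the archive are skipped as well, since
    they are another way to redirect later writes. Returns the names that were
    rejected so the caller can log them; a production restore would abort and
    alert on any rejection rather than continue.
    """
    rejected: list[str] = []
    root = os.path.realpath(dest_root)
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if not member.isfile() or not is_contained(root, member.name):
                rejected.append(member.name)
                continue
            data = tar.extractfile(member).read()
            out_path = os.path.join(root, member.name)
            os.makedirs(os.path.dirname(out_path), exist_ok=True)
            with open(out_path, "wb") as fh:
                fh.write(data)
    return rejected


def build_sample_backup() -> bytes:
    """Construct an in-memory tar: one benign member, one that escapes the root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in [
            ("config/settings.ini", b"[server]\nport=443\n"),   # constructed
            ("../../outside.txt", b"escaped\n"),                # constructed traversal
        ]:
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def demo() -> tuple[list[str], bytes]:
    """Restore the constructed backup into a temp dir; return (rejected, restored ini)."""
    with tempfile.TemporaryDirectory() as dest:
        rejected = restore_backup(build_sample_backup(), dest)
        with open(os.path.join(dest, "config", "settings.ini"), "rb") as fh:
            restored = fh.read()
    return rejected, restored


if __name__ == "__main__":
    rejected_names, ini = demo()
    print("rejected:", rejected_names)
    print("restored settings.ini:", ini)
```

The check is done on the fully resolved path, not on the raw string, so `config/../settings.ini` is accepted (it stays inside the root) while `../../outside.txt` is refused; comparing with `os.path.commonpath` rather than a string prefix avoids the classic mistake where `/srv/restore-old` passes a prefix test for `/srv/restore`.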
Recommendations:
For versions prior to V3.2 SP1, update to V3.2 SP1 or later to resolve the issue. As a temporary workaround, restrict access to the backup file upload feature to minimize the risk of exploitation, and restrict use of the file restoration functionality until the update can be applied.
Fix: available
Weakness Enumeration: Unrestricted File Upload
Related Identifiers: CVE-2024-39865
Affected Products: Sinema Remote Connect Server