CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with  administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
twcertCNA
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
teamt5threatsonar_anti-ransomware
𝑥
< 3.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html
https://www.twcert.org.tw/tw/cp-132-7998-d76dd-1.html