CVE-2024-33615

Summary

A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel

server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
CyberPowerPowerPanel business0 < 4.9.0affected

Weaknesses

  • CWE-23: CWE-23

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References