Vulnerabilities > CVE-2024-9923 - Unspecified vulnerability in Teamplus Team+ PRO

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

teamplus

NVD

Published: 2024-10-14

Updated: 2024-10-24

Summary

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them.

Vulnerable Configurations

Part	Description	Count
Application	Teamplus Teamplus Team+ PRO *	1

References

https://www.twcert.org.tw/tw/cp-132-8128-772aa-1.html
https://www.twcert.org.tw/en/cp-139-8129-00002-2.html