Home

Description

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.

PUBLISHED Reserved 2024-08-12 | Published 2024-08-12 | Updated 2026-02-18 | Assigner twcert




HIGH: 7.2CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

Date added 2026-02-17 | Due date 2026-03-10

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status
unaffected

Any version
affected

References

www.cisa.gov/...nerabilities-catalog?field_cve=CVE-2024-7694 government-resource

www.twcert.org.tw/tw/cp-132-7998-d76dd-1.html third-party-advisory

www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html third-party-advisory

cve.org (CVE-2024-7694)

nvd.nist.gov (CVE-2024-7694)

Download JSON