CVE-2024-33615 Information

Description

A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel

server which allows file writing to the server outside the intended scope and could allow an attacker to achieve remote code execution.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01 https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads