Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6707.json",
"cna_assigner": "KoreLogic",
"cwe_ids": [
"CWE-22",
"CWE-434"
]
}