CVE-2024-27279

2024-03-1209:15:10

[email protected]

web.nvd.nist.gov

cve-2024-27279

directory traversal

a-blog cms

security vulnerability

nvd

password files

7.5 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.7%

JSON

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.

VendorProductVersionCPE
appleplea\-blog_cms3.1.9cpe:2.3:a:appleple:a\-blog_cms:3.1.9:*:*:*:*:*:*:*
appleplea\-blog_cms3.0.30cpe:2.3:a:appleple:a\-blog_cms:3.0.30:*:*:*:*:*:*:*
appleplea\-blog_cms2.11.59cpe:2.3:a:appleple:a\-blog_cms:2.11.59:*:*:*:*:*:*:*
appleplea\-blog_cms2.10.51cpe:2.3:a:appleple:a\-blog_cms:2.10.51:*:*:*:*:*:*:*
appleplea\-blog_cms2.9cpe:2.3:a:appleple:a\-blog_cms:2.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
appleple	a\-blog_cms	3.1.9	cpe:2.3:a:appleple:a\-blog_cms:3.1.9:::::::*
appleple	a\-blog_cms	3.0.30	cpe:2.3:a:appleple:a\-blog_cms:3.0.30:::::::*
appleple	a\-blog_cms	2.11.59	cpe:2.3:a:appleple:a\-blog_cms:2.11.59:::::::*
appleple	a\-blog_cms	2.10.51	cpe:2.3:a:appleple:a\-blog_cms:2.10.51:::::::*
appleple	a\-blog_cms	2.9	cpe:2.3:a:appleple:a\-blog_cms:2.9:::::::*

References

developer.a-blogcms.jp/blog/news/JVN-48443978.html

jvn.jp/en/jp/JVN48443978/