Lucene search
JpcertCVE-2024-31394HistoryMay 22, 2024 - 5:15 a.m.
CVE-2024-31394
2024-05-2205:15:53
jpcert
web.nvd.nist.gov
34
cve-2024-31394
directory traversal
a-blog cms
arbitrary files
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server.
Affected configurations
Node
appleplea-blog_cmsRange<3.1.12
appleplea-blog_cmsRange<3.0.32
appleplea-blog_cmsRange<2.11.61
appleplea-blog_cmsRange<2.10.53
appleplea-blog_cmsMatch2.9
| Vendor | Product | Version | CPE |
|---|---|---|---|
| appleple | a-blog_cms | * | cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* |
| appleple | a-blog_cms | 2.9 | cpe:2.3:a:appleple:a-blog_cms:2.9:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.3.1.x series",
"versions": [
{
"version": "prior to Ver.3.1.12",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.3.0.x series",
"versions": [
{
"version": "prior to Ver.3.0.32",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.2.11.x series",
"versions": [
{
"version": "prior to Ver.2.11.61",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms Ver.2.10.x series",
"versions": [
{
"version": "prior to Ver.2.10.53",
"status": "affected"
}
]
},
{
"vendor": "appleple inc.",
"product": "a-blog cms",
"versions": [
{
"version": "Ver.2.9 and earlier ",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2024-31394
2024-05-22 05:15:53
vulnrichment
vulnrichment
CVE-2024-31394
2024-05-22 04:35:31
cvelist
cvelist
CVE-2024-31394
2024-05-22 04:35:31
jvn
jvn
JVN#70977403: Multiple vulnerabilities in a-blog cms
2024-04-10 00:00:00