CVE-2024-31396

2024-05-2205:15:53

[email protected]

web.nvd.nist.gov

cve-2024-31396

code injection

a-blog cms

security vulnerability

administrator privilege

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

Affected configurations

Vulners

Node

appleplea-blog_cmsRange<3.1.12

appleplea-blog_cmsRange<3.0.32

CNA Affected

[
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.1.x series",
    "versions": [
      {
        "version": "prior to Ver.3.1.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.0.x series",
    "versions": [
      {
        "version": "prior to Ver.3.0.32",
        "status": "affected"
      }
    ]
  }
]

References

developer.a-blogcms.jp/blog/news/JVN-70977403.html

jvn.jp/en/jp/JVN70977403/