Lucene search

JpcertCVE-2024-31396

HistoryMay 22, 2024 - 5:15 a.m.

CVE-2024-31396

2024-05-2205:15:53

CWE-94

jpcert

web.nvd.nist.gov

cve-2024-31396

code injection

a-blog cms

security vulnerability

administrator privilege

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

Affected configurations

Vulners

Vulnrichment

Node

appleplea-blog_cmsRange<3.1.12

appleplea-blog_cmsRange<3.0.32

VendorProductVersionCPE
appleplea-blog_cms*cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
appleple	a-blog_cms	*	cpe:2.3:a:appleple:a-blog_cms::::::::

CNA Affected

[
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.1.x series",
    "versions": [
      {
        "version": "prior to Ver.3.1.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.0.x series",
    "versions": [
      {
        "version": "prior to Ver.3.0.32",
        "status": "affected"
      }
    ]
  }
]

References

developer.a-blogcms.jp/blog/news/JVN-70977403.html

jvn.jp/en/jp/JVN70977403/

CVSS3

6.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-31396