Lucene search

K
cveVulDBCVE-2024-8706
HistorySep 12, 2024 - 12:15 a.m.

CVE-2024-8706

2024-09-1200:15:02
CWE-22
VulDB
web.nvd.nist.gov
33
vulnerability
jfinalcms
20240903

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

4.7

Confidence

High

EPSS

0

Percentile

16.4%

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Affected configurations

Vulners
Vulnrichment
Node
-jfinalcmsMatch20240903
VendorProductVersionCPE
-jfinalcms20240903cpe:2.3:a:-:jfinalcms:20240903:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "JFinalCMS",
    "versions": [
      {
        "version": "20240903",
        "status": "affected"
      }
    ],
    "modules": [
      "com.cms.util.TemplateUtils"
    ]
  }
]

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS4

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:N/SI:N/VA:N/SA:N

AI Score

4.7

Confidence

High

EPSS

0

Percentile

16.4%

Related for CVE-2024-8706