CVE-2024-31396

2024-05-2204:35:42

jpcert

www.cve.org

code injection

a-blog cms

version 3.1.x

version 3.0.x

administrator privilege

arbitrary command

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

CNA Affected

[
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.1.x series",
    "versions": [
      {
        "version": "prior to Ver.3.1.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.0.x series",
    "versions": [
      {
        "version": "prior to Ver.3.0.32",
        "status": "affected"
      }
    ]
  }
]

References

developer.a-blogcms.jp/blog/news/JVN-70977403.html

jvn.jp/en/jp/JVN70977403/