Lucene search

K
cvelistJpcertCVELIST:CVE-2024-31396
HistoryMay 22, 2024 - 4:35 a.m.

CVE-2024-31396

2024-05-2204:35:42
jpcert
www.cve.org
3
code injection
a-blog cms
version 3.1.x
version 3.0.x
administrator privilege
arbitrary command

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

CNA Affected

[
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.1.x series",
    "versions": [
      {
        "version": "prior to Ver.3.1.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.0.x series",
    "versions": [
      {
        "version": "prior to Ver.3.0.32",
        "status": "affected"
      }
    ]
  }
]

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-31396