CVE-2021-46115

2022-01-2617:15:07

Google

osv.dev

7.1 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.6%

JSON

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.

CPENameOperatorVersion
jpresseq2.0-rc.8
jpresseq1.0.1
jpresseq4.0.2
jpresseq3.2.5
jpresseq4.0.6
jpresseq1.0.4
jpresseq2.0-rc.4
jpresseq2.0-rc.1
jpresseq0.0.2
jpresseq1.0