5 matches found
CVE-2024-8706
CVE-2024-8706 affects JFinalCMS up to 20240903, where the function update in com.cms.util.TemplateUtils exposes a path traversal in the fileName argument of /admin/template/update. This allows a remote attacker to exploit the vulnerability, with public exploits reported. The CVSS details indicate...
CVE-2024-8706 JFinalCMS com.cms.util.TemplateUtils update path traversal
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to...
JFinalCMS 路径遍历漏洞
JFinalCMS is a content management system by heyewei personal developer. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...
PT-2024-39181 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 20240903 Description: A problematic issue was found in JFinalCMS, affecting the update function of the /admin/template/update component, specifically the com.cms.controller.admin.TemplateController. The manipulation o...
JFinalCMS 路径遍历漏洞
JFinalCMS is a content management system by heyewei personal developer. A path traversal vulnerability exists in JFinalCMS version 20240903 and earlier, which stems from the fileName parameter in the file /admin/template/update, which can lead to path traversal...