Jpress Security Vulnerabilities and Issues — Jpress CVE List

Lucene search

JpressJpress

5 matches found

CVE•added 2022/02/04 10:15 p.m.•65 views

CVE-2022-23330

A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.

8.8CVSS8.9AI score0.01989EPSS

CVE•added 2022/01/26 7:15 p.m.•41 views

CVE-2021-46114

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

8.8CVSS8.6AI score0.01283EPSS

CVE•added 2024/08/22 1:15 a.m.•39 views

CVE-2024-43033

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-...

8.8CVSS7.9AI score0.01592EPSS

CVE•added 2022/01/13 2:15 p.m.•37 views

CVE-2021-45806

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.

8.8CVSS8.7AI score0.01283EPSS

CVE•added 2022/01/19 1:15 p.m.•31 views

CVE-2021-45808

jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.

8.8CVSS8.7AI score0.00616EPSS