CVE-2024-31394

2024-05-2204:35:31

jpcert

github.com

cve-2024-31394

a-blog cms

directory traversal

AI Score

Confidence

High

EPSS

Percentile

9.0%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server.

CNA Affected

[
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.1.x series",
    "versions": [
      {
        "version": "prior to Ver.3.1.12",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.3.0.x series",
    "versions": [
      {
        "version": "prior to Ver.3.0.32",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.2.11.x series",
    "versions": [
      {
        "version": "prior to Ver.2.11.61",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms Ver.2.10.x series",
    "versions": [
      {
        "version": "prior to Ver.2.10.53",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "appleple inc.",
    "product": "a-blog cms",
    "versions": [
      {
        "version": "Ver.2.9 and earlier ",
        "status": "affected"
      }
    ]
  }
]