exploitDog

CVE-2024-31396

Опубликовано: 22 мая 2024

Источник: nvd

CVSS3: 6.6

EPSS Низкий

Описание

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

Ссылки

https://developer.a-blogcms.jp/blog/news/JVN-70977403.html
Vendor Advisory
https://jvn.jp/en/jp/JVN70977403/
Third Party Advisory
https://developer.a-blogcms.jp/blog/news/JVN-70977403.html
Vendor Advisory
https://jvn.jp/en/jp/JVN70977403/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.0.32 (исключая)

cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.12 (исключая)

EPSS

Процентиль: 73%

0.00751

Низкий

6.6 Medium

CVSS3

Дефекты

CWE-94

Связанные уязвимости

GHSA-chxf-xv64-xxfr

CVSS3: 6.6

github

больше 1 года назад

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

EPSS

Процентиль: 73%

0.00751

Низкий

6.6 Medium

CVSS3

Дефекты

CWE-94