A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.273696 | Permissions Required VDB Entry |
https://vuldb.com/?id.273696 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.381444 | Third Party Advisory VDB Entry |
Configurations
History
12 Aug 2024, 16:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Juzaweb
Juzaweb cms |
|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 4.9 |
CPE | cpe:2.3:a:juzaweb:cms:*:*:*:*:*:*:*:* | |
References | () https://github.com/DeepMountains/Mirage/blob/main/CVE9-1.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.273696 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.273696 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.381444 - Third Party Advisory, VDB Entry |
06 Aug 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-06 13:15
Updated : 2024-08-12 16:12
NVD link : CVE-2024-7551
Mitre link : CVE-2024-7551
CVE.ORG link : CVE-2024-7551
JSON object : View
Products Affected
juzaweb
- cms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')