A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/JPressProjects/jpress/issues/189 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.276079 | Permissions Required |
https://vuldb.com/?id.276079 | Third Party Advisory |
https://vuldb.com/?submit.396425 | Third Party Advisory |
Configurations
History
19 Sep 2024, 17:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/JPressProjects/jpress/issues/189 - Exploit, Issue Tracking | |
References | () https://vuldb.com/?ctiid.276079 - Permissions Required | |
References | () https://vuldb.com/?id.276079 - Third Party Advisory | |
References | () https://vuldb.com/?submit.396425 - Third Party Advisory | |
First Time |
Jpress jpress
Jpress |
|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 4.9 |
CPE | cpe:2.3:a:jpress:jpress:*:*:*:*:*:*:*:* |
30 Aug 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-29 15:15
Updated : 2024-09-19 17:39
NVD link : CVE-2024-8304
Mitre link : CVE-2024-8304
CVE.ORG link : CVE-2024-8304
JSON object : View
Products Affected
jpress
- jpress
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')