CVE-2024-8304

A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/JPressProjects/jpress/issues/189 Exploit Issue Tracking
https://vuldb.com/?ctiid.276079 Permissions Required
https://vuldb.com/?id.276079 Third Party Advisory
https://vuldb.com/?submit.396425 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:jpress:jpress:*:*:*:*:*:*:*:*

History

19 Sep 2024, 17:39

Type Values Removed Values Added
References () https://github.com/JPressProjects/jpress/issues/189 - () https://github.com/JPressProjects/jpress/issues/189 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.276079 - () https://vuldb.com/?ctiid.276079 - Permissions Required
References () https://vuldb.com/?id.276079 - () https://vuldb.com/?id.276079 - Third Party Advisory
References () https://vuldb.com/?submit.396425 - () https://vuldb.com/?submit.396425 - Third Party Advisory
First Time Jpress jpress
Jpress
CVSS v2 : 5.8
v3 : 4.7
v2 : 5.8
v3 : 4.9
CPE cpe:2.3:a:jpress:jpress:*:*:*:*:*:*:*:*

30 Aug 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en jpress hasta la versión 5.1.1 y se ha clasificado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/template/edit del componente Template Module Handler. La manipulación conduce a un path traversal. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.

29 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-29 15:15

Updated : 2024-09-19 17:39


NVD link : CVE-2024-8304

Mitre link : CVE-2024-8304

CVE.ORG link : CVE-2024-8304


JSON object : View

Products Affected

jpress

  • jpress
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')