CVE-2024-8782
CVSS V2 None
CVSS V3 None
Description
A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Overview
- CVE ID
- CVE-2024-8782
- Assigner
- VulDB
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-13T18:00:09.004Z
- Last Modified Date
- 2024-09-13T18:38:13.694Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://vuldb.com/?id.277433 | vdb-entry technical-description |
https://vuldb.com/?ctiid.277433 | signature permissions-required |
https://vuldb.com/?submit.405528 | third-party-advisory |
https://gitee.com/heyewei/JFinalcms/issues/IAOSJG | issue-tracking |
https://github.com/yhy7612/Seccode/blob/main/README1.md | exploit |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8782 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8782 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-09-14 13:06:49 | Added to TrackCVE |