CVE-2024-7551 | juzaweb CMS up to 3.4.2 Theme Editor default path traversal

Inserito da Angelo Barbosa | Ago 6, 2024 | CVE

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as problematic. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component Theme Editor. The manipulation leads to path traversal.

This vulnerability is traded as CVE-2024-7551. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-7551 | juzaweb CMS up to 3.4.2 Theme Editor default path traversal

Post correlati

CVE-2023-52147 | All In One WP Security & Firewall Plugin up to 5.2.4 on WordPress information disclosure

CVE-2024-0939 | Beijing Baichuo Smart S210 Management Platform up to 20240117 /Tool/uploadfile.php file_upload unrestricted upload

CVE-2023-51389 | Dromara Hertzbeat up to 1.4.0 SnakeYAML /define/yml deserialization

CVE-2024-6086 | lunary-ai lunary up to 1.2.7 checkAccess access control