CVE-2024-8706 | JFinalCMS up to 20240903 com.cms.util.TemplateUtils /admin/template/update fileName path traversal (IAOSJG)

Inserito da Angelo Barbosa | Set 11, 2024 | CVE

A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal.

This vulnerability is uniquely identified as CVE-2024-8706. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-8706 | JFinalCMS up to 20240903 com.cms.util.TemplateUtils /admin/template/update fileName path traversal (IAOSJG)

Post correlati

CVE-2024-36024 | Linux Kernel up to 6.8.5 AMD Display wake_and_executes race condition (2aac38744561/6226a5aa7737)

CVE-2023-48131 | CHIGASAKI BAKERY mini-app on Line 13.6.1 Channel Access Token information disclosure

CVE-2021-46900 | Sympa up to 6.2.61 cookie protection mechanism (Issue 1091)

CVE-2024-2529 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/rooms.php unrestricted upload