CVE-2024-8694 | JFinalCMS up to 20240903 com.cms.controller.admin.TemplateController /admin/template/update fileName path traversal (IAOKSQ)

Posted by Angelo Barbosa | Sep 11, 2024 | CVE

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal.

This vulnerability is uniquely identified as CVE-2024-8694. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2024-8694 | JFinalCMS up to 20240903 com.cms.controller.admin.TemplateController /admin/template/update fileName path traversal (IAOKSQ)

Related Posts

CVE-2024-23462 | Zscaler Client Connector up to 3.3 on macOS integrity check

CVE-2023-50823 | Wipeout Media CSS & JavaScript Toolbox Plugin up to 11.7 on WordPress cross site scripting

CVE-2024-8340 | SourceCodester Electric Billing Management System 1.0 /Actions.php username sql injection

CVE-2024-44798 | PHPGurukul Bus Pass Management System 1.0 pass-bwdates-reports-details.php fromdate/todate cross site scripting