Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-31396

May 22, 2024, 12:46 p.m.

Product(s) Impacted

a-blog cms

  • 3.1.0 - 3.1.11
  • 3.0.0 - 3.0.31

Description

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

Weaknesses

Date

Published: May 22, 2024, 5:15 a.m.

Last Modified: May 22, 2024, 12:46 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

vultures@jpcert.or.jp

References

https://developer.a-blogcms.jp/ vultures@jpcert.or.jp

https://jvn.jp/ vultures@jpcert.or.jp