← back
CVE-2024-8694

JFinalCMS com.cms.controller.admin.TemplateController update path traversal

CVSS 5.1 MEDIUMEPSS 0.8%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
Affected products
n/a · JFinalCMS