CVE-2024-31394
CVE-2024-31394
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
22 may 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher privilege who can log in to the product may obtain arbitrary files on the server.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
appleple inc. · a-blog cmsappleple inc. · a-blog cms Ver.2.10.x seriesappleple inc. · a-blog cms Ver.2.11.x seriesappleple inc. · a-blog cms Ver.3.0.x seriesappleple inc. · a-blog cms Ver.3.1.x series¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →