CVE-2024-31396
6.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| appleple inc. | a-blog cms Ver.3.1.x series | prior to Ver.3.1.12 | affected |
| appleple inc. | a-blog cms Ver.3.0.x series | prior to Ver.3.0.32 | affected |
Weaknesses
- Code injection
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.