CVE-2024-31396

Summary

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.

Affected Software

VendorProductVersion RangeStatus
appleple inc.a-blog cms Ver.3.1.x seriesprior to Ver.3.1.12affected
appleple inc.a-blog cms Ver.3.0.x seriesprior to Ver.3.0.32affected

Weaknesses

  • Code injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References