PT-2024-21789 · Unknown · A-Blog Cms
Kentaro Ishii · Published 2024-03-12 · Updated 2025-05-13 · CVE-2024-27279
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
a-blog cms versions 3.1.x through 3.1.9 and earlier
a-blog cms versions 3.0.x through 3.0.30 and earlier
a-blog cms versions 2.11.x through 2.11.59 and earlier
a-blog cms versions 2.10.x through 2.10.51 and earlier
a-blog cms version 2.9 and earlier
Description
A directory traversal vulnerability exists in a-blog cms. If exploited, it allows a user who can log in to the product with editor or higher privilege to obtain arbitrary files on the server, including password files.
Recommendations
For a-blog cms versions 3.1.x through 3.1.9 and earlier, update to a version later than 3.1.9.
For a-blog cms versions 3.0.x through 3.0.30 and earlier, update to a version later than 3.0.30.
For a-blog cms versions 2.11.x through 2.11.59 and earlier, update to a version later than 2.11.59.
For a-blog cms versions 2.10.x through 2.10.51 and earlier, update to a version later than 2.10.51.
For a-blog cms version 2.9 and earlier, update to a version later than 2.9.
Fix
Path traversal
Affected Products
A-Blog Cms