PT-2024-24040 · Unknown · A-Blog Cms
Rikuto Tauchi · Published 2024-05-22 · Updated 2025-05-12 · CVE-2024-31394
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
a-blog cms versions prior to 3.1.12
a-blog cms versions prior to 3.0.32
a-blog cms versions prior to 2.11.61
a-blog cms versions prior to 2.10.53
a-blog cms version 2.9 and earlier
Description
A directory traversal vulnerability exists in a-blog cms. If it is exploited, a user with editor or higher privilege who can log in to the product can obtain arbitrary files on the server.
Recommendations
For versions prior to 3.1.12, update to version 3.1.12 or later.
For versions prior to 3.0.32, update to version 3.0.32 or later.
For versions prior to 2.11.61, update to version 2.11.61 or later.
For versions prior to 2.10.53, update to version 2.10.53 or later.
For version 2.9 and earlier, update to a later version.
Fix
Path traversal
Affected Products
A-Blog Cms