CVE-2024-8782

Name of the Vulnerable Software and Affected Versions: JFinalCMS versions up to 1.0

Description: A critical issue affects the delete function of the file /admin/template/edit. The manipulation of the name argument leads to path traversal, allowing an attacker to delete arbitrary files. This issue can be initiated remotely.

Recommendations: For JFinalCMS versions up to 1.0, patch immediately to prevent exploitation. Additionally, review logs for signs of exploit. As a temporary workaround, consider restricting access to the /admin/template/edit endpoint or disabling the delete function until a patch is available.