Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.
References
Link | Resource |
---|---|
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN34565930/ | Third Party Advisory |
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN34565930/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://developer.a-blogcms.jp/blog/news/JVN-34565930.html - Vendor Advisory | |
References | () https://jvn.jp/en/jp/JVN34565930/ - Third Party Advisory |
29 Jan 2024, 22:55
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
References | () https://developer.a-blogcms.jp/blog/news/JVN-34565930.html - Vendor Advisory | |
References | () https://jvn.jp/en/jp/JVN34565930/ - Third Party Advisory | |
CPE | cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | |
CWE | CWE-22 |
23 Jan 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-23 10:15
Updated : 2024-11-21 08:57
NVD link : CVE-2024-23182
Mitre link : CVE-2024-23182
CVE.ORG link : CVE-2024-23182
JSON object : View
Products Affected
appleple
- a-blog_cms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')