{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-8694","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-09-11T11:41:14.257Z","datePublished":"2024-09-11T21:00:08.197Z","dateUpdated":"2024-09-12T16:08:32.325Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-09-11T21:00:08.197Z"},"title":"JFinalCMS com.cms.controller.admin.TemplateController update path traversal","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-22","lang":"en","description":"CWE-22 Path Traversal"}]}],"affected":[{"vendor":"n/a","product":"JFinalCMS","versions":[{"version":"20240903","status":"affected"}],"modules":["com.cms.controller.admin.TemplateController"]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Es wurde eine problematische Schwachstelle in JFinalCMS bis 20240903 gefunden. Es geht dabei um die Funktion update der Datei /admin/template/update der Komponente com.cms.controller.admin.TemplateController. Dank der Manipulation des Arguments fileName mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4.7,"vectorString":"AV:N/AC:L/Au:M/C:N/I:P/A:P"}}],"timeline":[{"time":"2024-09-11T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-09-11T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-09-11T13:46:26.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"wavesky (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.277167","name":"VDB-277167 | JFinalCMS com.cms.controller.admin.TemplateController update path traversal","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.277167","name":"VDB-277167 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.401858","name":"Submit #401858 | 10Web CMS <=1.0 Unrestricted Upload","tags":["third-party-advisory"]},{"url":"https://gitee.com/heyewei/JFinalcms/issues/IAOKSQ","tags":["issue-tracking"]},{"url":"https://github.com/wave-to/SomeCms/blob/main/JFinalCMS.md","tags":["exploit"]}]},"adp":[{"affected":[{"vendor":"jfinalcms_project","product":"jfinalcms","cpes":["cpe:2.3:a:jfinalcms_project:jfinalcms:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"20240903","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-12T16:05:52.467442Z","id":"CVE-2024-8694","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-12T16:08:32.325Z"}}]}}