CVE-2024-23180

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
appleplea-blog_cms
𝑥
≤ 2.9.0
appleplea-blog_cms
2.10.0 ≤
𝑥
< 2.10.50
appleplea-blog_cms
2.11.0 ≤
𝑥
< 2.11.58
appleplea-blog_cms
3.0.0 ≤
𝑥
< 3.0.29
appleplea-blog_cms
3.1.0 ≤
𝑥
< 3.1.7
𝑥
= Vulnerable software versions
References
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html
https://jvn.jp/en/jp/JVN34565930/
https://developer.a-blogcms.jp/blog/news/JVN-34565930.html
https://jvn.jp/en/jp/JVN34565930/