CVE-2024-31396

EUVD-2024-29291
Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
appleplea-blog_cms
3.0.0 ≤
𝑥
< 3.0.32
appleplea-blog_cms
3.1.0 ≤
𝑥
< 3.1.12
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
appleplea-blog_cms
3.1.0 ≤
𝑥
< 3.1.12
ADP
appleplea-blog_cms
3.0.0 ≤
𝑥
< 3.0.32
ADP
Common Weakness Enumeration
References
https://developer.a-blogcms.jp/blog/news/JVN-70977403.html
https://jvn.jp/en/jp/JVN70977403/
https://developer.a-blogcms.jp/blog/news/JVN-70977403.html
https://jvn.jp/en/jp/JVN70977403/