CVE-2024-23182

Published Jan 23, 2024

Last updated 3 months ago

CVSS high 8.1

Overview

Description: Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2879B3D6-4E10-494B-B221-61CF4FA3B2D7",
            "versionEndIncluding": "2.9.0"
          },
          {
            "criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "957FC43C-7DBF-445F-952D-2C3AFC3DAF53",
            "versionEndExcluding": "2.10.50",
            "versionStartIncluding": "2.10.0"
          },
          {
            "criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B9C6A38-B9F3-4B83-872E-4A7FCF10A2CF",
            "versionEndExcluding": "2.11.58",
            "versionStartIncluding": "2.11.0"
          },
          {
            "criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43352BBA-DDE8-4542-A8E1-10762B634972",
            "versionEndExcluding": "3.0.29",
            "versionStartIncluding": "3.0.0"
          },
          {
            "criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E42BDC5D-3F5F-45E4-9135-0AA3E4DA94CE",
            "versionEndExcluding": "3.1.7",
            "versionStartIncluding": "3.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References