CVE-2024-32358

HIGH

Jpress 5.1.0 - Remote Code Execution via Custom Plugin Module

Title source: llm

Description

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.

References (5)

Core 5

Core References

Third Party Advisory

https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc

Release Notes

https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0

Release Notes

https://github.com/JPressProjects/jpress/releases/tag/v5.1.0

Product

https://www.jpress.cn/download

Permissions Required

https://www.wolai.com/catr00t/2LujDzjjcrAjUYpWtcusXD

Scores

CVSS v3 7.5

EPSS 0.0074

EPSS Percentile 49.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

jpress/jpress 5.1.0

Published Apr 25, 2024

Tracked Since Feb 18, 2026