CVE-2024-8782

MEDIUM

JFinalCMS <1.0 - Path Traversal

Title source: llm

Description

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 541 stars

by heyewei · javawriteup

https://gitee.com/heyewei/JFinalcms/issues/IAOSJG

References (5)

[Issue Tracking] https://gitee.com/heyewei/JFinalcms/issues/IAOSJG

[Exploit] https://github.com/yhy7612/Seccode/blob/main/README1.md

View Exploit ZIP pw:eip

[Permissions Required] https://vuldb.com/?ctiid.277433

[Third Party Advisory] https://vuldb.com/?id.277433

[Third Party Advisory] https://vuldb.com/?submit.405528

Scores

CVSS v3 6.3

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-22

Status published

Products (1)

heyewei/jfinalcms < 1.0

Published Sep 13, 2024

Tracked Since Feb 18, 2026