Home > Vulnerability Database > CVE-2024-8694

Mend.io Vulnerability Database

CVE-2024-8694

Date: September 11, 2024

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Language: Java

Severity Score

3.8

Related Resources (7)

Url: https://github.com/wave-to/SomeCms/blob/main/JFinalCMS.md

Url: https://gitee.com/heyewei/JFinalcms/issues/IAOKSQ

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8694

Url: https://vuldb.com/?id.277167

Url: https://vuldb.com/?ctiid.277167

Url: https://vuldb.com/?submit.401858

Url: https://www.mend.io/vulnerability-database/CVE-2024-8694

Severity Score

3.8

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	3.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.7
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	MULTIPLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8694

Date: September 11, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?