CVE-2024-8694

MEDIUM Year: 2024
CVSS v3 Score
3.8
Low
CVSS v2 Score
4.7
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Related Vulnerabilities

CVE-2021-24242

LOW
CVSS:3.8(Low)

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plu...

CWE-222021

CVE-2022-27621

LOW
CVSS:3.8(Low)

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or wri...

CWE-222022

CVE-2023-41044

LOW
CVSS:3.8(Low)

Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation ...

CWE-222023

CVE-2024-41938

MEDIUM
CVSS:3.8(Low)

A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allo...

CWE-222024

CVE-2025-27397

MEDIUM
CVSS:3.8(Low)

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from wher...

CWE-222025

CVE-2025-27566

MEDIUM
CVSS:3.8(Low)

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploit...

CWE-222025