Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.
References
Link | Resource |
---|---|
https://developer.a-blogcms.jp/blog/news/JVN-48443978.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN48443978/ | Third Party Advisory |
https://developer.a-blogcms.jp/blog/news/JVN-48443978.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN48443978/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
13 May 2025, 15:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:* | |
First Time |
Appleple a-blog Cms
Appleple |
|
References | () https://developer.a-blogcms.jp/blog/news/JVN-48443978.html - Vendor Advisory | |
References | () https://jvn.jp/en/jp/JVN48443978/ - Third Party Advisory |
21 Nov 2024, 09:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://developer.a-blogcms.jp/blog/news/JVN-48443978.html - | |
References | () https://jvn.jp/en/jp/JVN48443978/ - |
31 Oct 2024, 19:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
Summary |
|
12 Mar 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-12 09:15
Updated : 2025-05-13 15:13
NVD link : CVE-2024-27279
Mitre link : CVE-2024-27279
CVE.ORG link : CVE-2024-27279
JSON object : View
Products Affected
appleple
- a-blog_cms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')