CVE-2024-8706: JFinalCMS com.cms.util.TemplateUtils update path traversal
First published: Wed Sep 11 2024(Updated: )
A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JFinalCMS | <=20240903 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-8706?
CVE-2024-8706 has been classified as problematic due to its potential for path traversal attacks.
How do I fix CVE-2024-8706?
To fix CVE-2024-8706, update JFinalCMS to a version released after 20240903.
What systems are affected by CVE-2024-8706?
CVE-2024-8706 affects JFinalCMS versions up to and including 20240903.
What type of vulnerability is CVE-2024-8706?
CVE-2024-8706 is a path traversal vulnerability that affects the update function in the JFinalCMS admin template.
Can I exploit CVE-2024-8706 remotely?
Yes, CVE-2024-8706 can be exploited remotely if the vulnerable version of JFinalCMS is accessible over the internet.
- agent/title
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/jfinalcms
- canonical/jfinalcms