A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
History

Wed, 11 Dec 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Jwillber
Jwillber jfinalcms
Weaknesses CWE-94
CPEs cpe:2.3:a:jwillber:jfinalcms:1.0:*:*:*:*:*:*:*
Vendors & Products Jwillber
Jwillber jfinalcms

Mon, 09 Dec 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Jfinalcms Project
Jfinalcms Project jfinalcms
CPEs cpe:2.3:a:jfinalcms_project:jfinalcms:*:*:*:*:*:*:*:*
Vendors & Products Jfinalcms Project
Jfinalcms Project jfinalcms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Dec 2024 01:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title JFinalCMS Template TemplateController.java update command injection
Weaknesses CWE-74
CWE-77
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-12-09T00:31:05.003Z

Updated: 2024-12-09T15:33:39.069Z

Reserved: 2024-12-08T16:58:59.907Z

Link: CVE-2024-12350

Vulnrichment

Updated: 2024-12-09T15:33:33.675Z

NVD

Status: Analyzed

Published: 2024-12-09T01:15:05.943

Modified: 2024-12-11T17:32:54.327

Link: CVE-2024-12350

Redhat

No data.