CVE-2024-8782
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-8782 is a critical vulnerability that affects JFinalCMS versions up to 1.0, specifically in the delete function of the file located at /admin/template/edit. This vulnerability allows for path traversal through manipulation of the argument name, enabling potential remote exploitation by attackers. Organizations using this software may face risks including unauthorized access to sensitive files and system compromise due to the nature of the exploit. To remediate this issue, users are advised to update JFinalCMS to a patched version or implement security measures to restrict access and validate input parameters effectively. The vulnerability has been publicly disclosed, making it imperative for affected organizations to address it promptly.
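The summary advises validating input parameters; the following added example (not JFinalCMS code and not taken from any patch) shows one way to confine a user-supplied file name to a template directory before deleting it. The class `TemplateFileGuard`, its methods, and the sample names in `main` are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper: confines a request-supplied name to one directory.
public class TemplateFileGuard {
    private final Path root;

    public TemplateFileGuard(Path templateRoot) throws IOException {
        // Resolve symlinks once so later comparisons use the real location.
        this.root = templateRoot.toRealPath();
    }

    /** Returns the real path for `name`, or throws if it leaves the root. */
    public Path resolveForDelete(String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new SecurityException("invalid name");
        }
        // normalize() collapses "." and ".." segments; an absolute `name`
        // replaces the root entirely, which the startsWith check then rejects.
        Path candidate = root.resolve(name).normalize();
        if (candidate.equals(root) || !candidate.startsWith(root)) {
            throw new SecurityException("outside template root");
        }
        // Re-check after symlink resolution: a link inside the root may
        // point elsewhere. Throws NoSuchFileException if the file is absent.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root)) {
            throw new SecurityException("symlink leaves template root");
        }
        return real;
    }

    public void delete(String name) throws IOException {
        Files.delete(resolveForDelete(name));
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("templates"); // constructed sandbox
        Files.createFile(dir.resolve("index.html"));
        TemplateFileGuard guard = new TemplateFileGuard(dir);
        // Constructed sample values for the request parameter.
        for (String n : new String[] {"index.html", "../outside.txt", "/etc/hostname"}) {
            try {
                guard.delete(n);
                System.out.println("deleted  " + n);
            } catch (SecurityException | IOException e) {
                System.out.println("rejected " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

`Path.startsWith` compares whole path components, so a sibling directory whose name merely begins with the root's name does not pass the check.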