- Description
- Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
- Products
- a-blog_cms
CVSS 3.1
- Type
- Secondary
- Base score
- 6.6
- Impact score
- 5.9
- Exploitability score
- 0.7
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-94
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5CDA3C7-736D-4E64-B2E0-7C45C702DF32",
"versionEndExcluding": "3.0.32",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:appleple:a-blog_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "358CC9AE-9361-45BA-B28D-1AE64536FA46",
"versionEndExcluding": "3.1.12",
"versionStartIncluding": "3.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]