Skip to main content

Jpress CVE-2024-32358

HIGH
Code Injection (CWE-94)
2024-04-25 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Apr 25, 2024 - 17:15 cve.org
HIGH 7.5

DescriptionCVE.org

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.

AnalysisAI

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033. Affected products include: Jpress.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

More in Jpress

View all
CVE-2021-45807 CRITICAL POC
9.8 Jan 13

jpress v4.2.0 is vulnerable to command execution via io.jpress.web.admin._AddonController::doUploadAndInstall. Rated cri

CVE-2024-50919 CRITICAL POC
9.8 Nov 18

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file format

CVE-2021-45806 HIGH POC
8.8 Jan 13

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious

CVE-2021-46114 HIGH POC
8.8 Jan 26

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. Rated high severity (CVSS

CVE-2021-45808 HIGH POC
8.8 Jan 19

jpress v4.2.0 allows users to register an account by default. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-43033 HIGH POC
8.8 Aug 22

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via

CVE-2021-46117 HIGH POC
7.2 Jan 26

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. Rated high seve

CVE-2021-46118 HIGH POC
7.2 Jan 26

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. Rated

CVE-2021-46116 HIGH POC
7.2 Jan 26

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. Rated high se

CVE-2024-46468 HIGH POC
7.5 Oct 11

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker

CVE-2021-46115 HIGH POC
7.2 Jan 26

jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. Rated high severity (CVSS 7.

CVE-2021-33347 MEDIUM POC
5.4 Jun 18

An issue was discovered in JPress v3.3.0 and below. Rated medium severity (CVSS 5.4), this vulnerability is remotely exp

Share

CVE-2024-32358 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy