CVE-2024-8694

CVSS 3.1 Score 3.8 of 10 (low)

Details

Published Sep 11, 2024
Updated: Sep 12, 2024
CWE ID 22

Summary

CVE-2024-8694 is a vulnerability found in JFinalCMS versions up to 20240903, specifically affecting the file update function in the TemplateController component. This vulnerability allows for path traversal attacks due to improper handling of the fileName argument, which can be exploited remotely. The potential risk includes unauthorized access to sensitive files and data within the affected system, necessitating high privileges for exploitation. To remediate this issue, organizations should update their JFinalCMS installations to a version beyond 20240903. The CVSS score for this vulnerability is 4.7, indicating a low severity level but still posing significant risks if not addressed.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share