CVE-2024-8782 Information

Description

A vulnerability was found in JFinalCMS up to 1.0. It has been rated as critical. This issue affects the function delete of the file /admin/template/edit. The manipulation of the argument name leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Reference

https://vuldb.com/?id.277433 https://vuldb.com/?ctiid.277433 https://vuldb.com/?submit.405528 https://gitee.com/heyewei/JFinalcms/issues/IAOSJG https://github.com/yhy7612/Seccode/blob/main/README1.md