Jpress

Jpress

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2024-12348

Exploit
  • EPSS 0.24%
  • Veröffentlicht 09.12.2024 01:15:05
  • Zuletzt bearbeitet 04.06.2025 19:13:14

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manip...

5.4

CVE-2024-11971

Exploit
  • EPSS 0.07%
  • Veröffentlicht 28.11.2024 22:15:15
  • Zuletzt bearbeitet 03.12.2024 20:04:46

A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the ...

9.8

CVE-2024-50919

Exploit
  • EPSS 0.4%
  • Veröffentlicht 18.11.2024 20:15:05
  • Zuletzt bearbeitet 21.05.2025 18:06:38

Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution

7.5

CVE-2024-46468

Exploit
  • EPSS 0.41%
  • Veröffentlicht 11.10.2024 21:15:07
  • Zuletzt bearbeitet 27.05.2025 19:31:56

A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.

4.9

CVE-2024-8304

Exploit
  • EPSS 0.19%
  • Veröffentlicht 29.08.2024 15:15:35
  • Zuletzt bearbeitet 19.09.2024 17:39:46

A vulnerability has been found in jpress up to 5.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/template/edit of the component Template Module Handler. The manipulation leads to path trav...

8.8

CVE-2024-43033

Exploit
  • EPSS 1.5%
  • Veröffentlicht 22.08.2024 01:15:03
  • Zuletzt bearbeitet 03.06.2025 14:25:22

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE...

7.5

CVE-2024-32358

  • EPSS 0.9%
  • Veröffentlicht 25.04.2024 17:15:50
  • Zuletzt bearbeitet 03.06.2025 14:24:31

An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.

8.8

CVE-2022-23330

Exploit
  • EPSS 1.99%
  • Veröffentlicht 04.02.2022 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:48:25

A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package.

8.8

CVE-2021-46114

Exploit
  • EPSS 0.78%
  • Veröffentlicht 26.01.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:39

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

7.2

CVE-2021-46118

Exploit
  • EPSS 3.44%
  • Veröffentlicht 26.01.2022 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:33:39

jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.