Remote Code Execution Vulnerability in Jpress v.5.1.0
CVE-2024-32358

7.5HIGH

Key Information:

Vendor: Jpress
Status: Jpress
Vendor: CVE Published:; 25 April 2024

Summary

A vulnerability in Jpress version 5.1.0 enables remote attackers to exploit a crafted script through the custom plug-in module function, leading to potential arbitrary code execution. This issue necessitates immediate attention for users to ensure the security of their installations, distinct from another identified issue.

References

https://www.wolai.com/catr00t/2LujDzjjcrAjUYpWtcusXD

https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7...

https://github.com/JPressProjects/jpress/releases/tag/v5.1.0

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2024