Security Advisory

CVE-2024-43033

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-22 00:00:00

Last updated 2024-08-23 15:24:23

Assigner mitre

State PUBLISHED

Description

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.

← Browse all CVEs View on cve.org ↗