CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-46114

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

http://jpress.com
https://github.com/JPressProjects/jpress
https://github.com/JPressProjects/jpress/issues/172
http://jpress.com
https://github.com/JPressProjects/jpress
https://github.com/JPressProjects/jpress/issues/172

Products affected by CVE-2021-46114

Jpress » Jpress » Version: 4.2.0

cpe:2.3:a:jpress:jpress:4.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-46114

Products

Pricing

Contact Us