Vulnerability Details CVE-2024-32358
An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc
- https://gitee.com/JPressProjects/jpress/releases/tag/v5.1.0
- https://github.com/JPressProjects/jpress/releases/tag/v5.1.0
- https://www.jpress.cn/download
- https://www.wolai.com/catr00t/2LujDzjjcrAjUYpWtcusXD
- https://gist.github.com/rootlili/a6b6c89591f4773857ae81b7ca5898bc
- https://www.wolai.com/catr00t/2LujDzjjcrAjUYpWtcusXD