{"cve":{"cve_id":"CVE-2024-27279","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00832,"epss_percentile":0.52844,"epss_as_of":"2026-06-23","description":"Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.","published_at":"2024-03-12T08:19:48.705000Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-22"],"nvd_references":["https://developer.a-blogcms.jp/blog/news/JVN-48443978.html","https://jvn.jp/en/jp/JVN48443978/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:54:51.652410Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms","product_name":"a-blog cms","version_start":"Ver.2.9 and earlier ","version_start_inclusive":true,"version_end":"Ver.2.9 and earlier ","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms:Ver.2.9 and earlier :Ver.2.9 and earlier "},{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms-ver.2.10.x-series","product_name":"a-blog cms (Ver.2.10.x series)","version_start":"Ver.2.10.51 and earlier","version_start_inclusive":true,"version_end":"Ver.2.10.51 and earlier","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms-ver.2.10.x-series:Ver.2.10.51 and earlier:Ver.2.10.51 and earlier"},{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms-ver.2.11.x-series","product_name":"a-blog cms (Ver.2.11.x series)","version_start":"Ver.2.11.59 and earlier","version_start_inclusive":true,"version_end":"Ver.2.11.59 and earlier","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms-ver.2.11.x-series:Ver.2.11.59 and earlier:Ver.2.11.59 and earlier"},{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms-ver.3.0.x-series","product_name":"a-blog cms (Ver.3.0.x series)","version_start":"Ver.3.0.30 and earlier","version_start_inclusive":true,"version_end":"Ver.3.0.30 and earlier","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms-ver.3.0.x-series:Ver.3.0.30 and earlier:Ver.3.0.30 and earlier"},{"vendor_slug":"appleple-inc.","vendor_name":"appleple inc.","product_slug":"a-blog-cms-ver.3.1.x-series","product_name":"a-blog cms (Ver.3.1.x series)","version_start":"Ver.3.1.9 and earlier","version_start_inclusive":true,"version_end":"Ver.3.1.9 and earlier","version_end_inclusive":true,"cpe23_uri":"cve5:appleple-inc.:a-blog-cms-ver.3.1.x-series:Ver.3.1.9 and earlier:Ver.3.1.9 and earlier"}],"exploit_refs":[],"news":[],"references":[{"url":"https://developer.a-blogcms.jp/blog/news/JVN-48443978.html","source_type":"MISC","tags":[]},{"url":"https://jvn.jp/en/jp/JVN48443978/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-03-12T08:19:48.705000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:34:44.935294Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:44.935294Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:44.935294Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:54:51.652410Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:54:51.652410Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:54:51.652410Z","label":"SSVC decision revised","source":"vulnrichment"}]}