{"id":"CVE-2021-46115","details":"jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.","modified":"2026-07-10T04:00:50.420237273Z","published":"2022-01-26T17:15:07.730Z","database_specific":{},"references":[{"type":"REPORT","url":"https://github.com/JPressProjects/jpress/issues/169"},{"type":"PACKAGE","url":"https://github.com/JPressProjects/jpress"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jpressprojects/jpress","events":[{"introduced":"2e3e8f376a26c1fa98c8d4ecb346d02e26ecb10b"},{"last_affected":"2e3e8f376a26c1fa98c8d4ecb346d02e26ecb10b"}],"database_specific":{"extracted_events":[{"introduced":"4.2.0"},{"last_affected":"4.2.0"}],"cpe":"cpe:2.3:a:jpress:jpress:4.2.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["4.2.0","v4.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46115.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}