CVE-2026-6487 in jtbc5 CMSinformation

Résumé

par MITRE • 17/04/2026

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

VulDB

Divulgation

17/04/2026

Modérer

accepté

Entrée

VDB-358028

CPE

prêt

CWE

CWE-22 (confirmé)

Exploitation

Télécharger

CVSS

4.3 (VulDB)

EPSS

0.00050

KEV

non

Activités

très faible

Secteur

Lawfirm, Hostingprovider, ...

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-6487
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-6487
CVE Details	https://www.cvedetails.com/cve/CVE-2026-6487/

◂ Précédent Aperçu Suivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!