266 matches found
CVE-2025-41429
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session...
CVE-2025-41429
CVE-2025-41429 affects a-blog CMS across multiple versions, where improper log neutralization is cited as the underlying issue. The entry notes that exploitation in combination with CVE-2025-36560 could allow a remote unauthenticated attacker to hijack a legitimate user’s session. Connected sourc...
appleple a-blog cms 路径遍历漏洞
appleple a-blog cms is a content management system from appleple. A path traversal vulnerability exists in appleple a-blog cms versions prior to 3.1.43, which stems from insufficient path validation of the backup function, and could lead to a path traversal attack...
PT-2025-21220 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified Description: A server-side request forgery vulnerability exists in a-blog cms, allowing a remote unauthenticated attacker to gain access to sensitive information by sending a specially crafted reques...
PT-2025-21218 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: A cross-site scripting issue exists in a specific field in the entry editing screen of a-blog cms, requiring contributor or higher level privileges to exploi...
PT-2025-21216 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions prior to 3.1.43 a-blog cms versions prior to 3.0.47 Description: The issue is related to insufficient path validation in the backup feature of a-blog cms, which can be exploited by a remote authenticated attacker with...
PT-2025-21221 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms versions affected versions not specified Description: The issue is related to improper neutralization of logs. A remote unauthenticated attacker may hijack a legitimate user's session if the vulnerability is exploited...
CVE-2025-29461
An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ path...
BlogCMS 安全漏洞
BlogCMS is a PHP and MySQL based blogging system by Pramod Mahato Individual Developer in India. A security vulnerability exists in BlogCMS version 3.1.15, which stems from improper handling of the /bid/1/admin/entry-edit/ path, which could allow remote attackers to obtain sensitive information...
CVE-2025-31103
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...
CVE-2025-31103
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...
CVE-2025-31103
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...
CVE-2025-31103
The CVE-2025-31103 issue affects a-blog cms and is caused by untrusted data deserialization. Multiple connected sources confirm that processing a crafted request can store arbitrary files on the server and may allow execution of arbitrary scripts. Affected versions include v2.8.x and later up to ...
CVE-2025-31103
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...
CVE-2025-31103
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...
a-blog cms vulnerable to untrusted data deserialization
Overview a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. appleple inc. reported this vulnerability to JPCERT/CC to notify...
JVN#66982699: a-blog cms vulnerable to untrusted data deserialization
a-blog cms provided by appleple inc. contains untrusted data deserialization vulnerability CWE-502. The developer states that attacks exploiting the vulnerability has been observed on a-blog cms Ver.2.8.x series or later. Impact Processing a specially crafted request may store arbitrary files on...
PT-2025-13441 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified Description: A critical issue exists due to the deserialization of untrusted data in a-blog cms, allowing an attacker to store arbitrary files on the server. This can lead to the execution of arbitra...
VulnCheck KEV: CVE-2025-31103
A-blog CMS contains an untrusted data deserialization vulnerability that if successfully exploited can be leveraged to execute an arbitrary script on the server...
CVE-2024-31395
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...