CVE-2025-13816 moxi159753 Mogu Blog v2 ZIP File unzipFile FileOperation.unzip path traversal

A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be...

CVE-2025-13816

Summary: CVE-2025-13816 affects moxi159753 Mogu Blog v2 up to 5.2. The vulnerability lies in the ZIP File Handler’s FileOperation.unzip function (in /networkDisk/unzipFile). Manipulating the fileUrl argument enables path traversal, potentially enabling remote, unauthenticated access. Documents in...

CVE-2025-13814

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVE-2025-13814

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVE-2025-13815 moxi159753 Mogu Blog v2 pictures unrestricted upload

A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...

EUVD-2025-199960

A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...

CVE-2025-13815 moxi159753 Mogu Blog v2 pictures unrestricted upload

A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...

CVE-2025-13815

CVE-2025-13815 affects moxi159753 Mogu Blog v2 up to 5.2. The vulnerability occurs in an unknown function under the endpoint /file/pictures where manipulating the argument filedatas enables an unrestricted file upload. The attack is remote and public exploit PoCs exist. Multiple sources confirm t...

EUVD-2025-199972

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVE-2025-13814 moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released...

CVE-2025-13814

The CVE affects moxi159753 Mogu Blog v2 up to 5.2. The vulnerability is in LocalFileServiceImpl.uploadPictureByUrl (file /file/uploadPicsByUrl) and enables server-side request forgery. Exploitation can be performed remotely and, per sources, a public PoC exists; vendor did not respond to disclosu...

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813 moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813 moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

EUVD-2025-199958

A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...

CVE-2025-13813

CVE-2025-13813 affects the moxi159753 Mogu Blog v2 family up to version 5.2. The issue resides in the Storage Management Endpoint’s handling of the file "/storage/", where missing authorization allows remote exploitation. Documented impact includes unauthorized access with high attack complexity ...

Mogu blog 安全漏洞

Mogu blog 蘑菇博客 is a micro-architecture based front-end and back-end shared blogging system by individual developers in Streamlet, China. A security vulnerability exists in Mogu blog v2 5.2 and earlier versions, which originates from a lack of authorization checking in the file /storage/ in the...

PT-2025-48416

Name of the Vulnerable Software and Affected Versions moxi159753 Mogu Blog versions up to 5.2 Description A flaw exists in the Storage Management Endpoint component of moxi159753 Mogu Blog. The issue involves unauthorized processing of the /storage/ file, leading to a missing authorization check...