
7703 matches found

NVD
added 2025/01/09 1:15 a.m. · 9 views

CVE-2024-13199

A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotel...

CVSS 6.1 · EPSS 0.0044
Exploits: 1 · References: 4

Vulnrichment
added 2025/01/09 1:00 a.m. · 4 views

CVE-2024-13200 wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVSS 7.5 · AI score 6.8 · EPSS 0.00471
Exploits: 1 · References: 5

Cvelist
added 2025/01/09 1:00 a.m. · 11 views

CVE-2024-13200 wander-chu SpringBoot-Blog HTTP POST Request BaseInterceptor.java preHandle access control

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access...

CVSS 7.5 · EPSS 0.00471
Exploits: 1 · References: 5

CVE
added 2025/01/09 1:00 a.m. · 45 views

CVE-2024-13200

wander-chu SpringBoot-Blog 1.0 contains a critical flaw in the HTTP POST Request Handler: the preHandle function in BaseInterceptor.java has improper access controls, enabling remote exploitation. Multiple connected sources confirm the affected component and remote attack possibility, with public...

CVSS 7.5 · AI score 7.3 · EPSS 0.00471
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2025/01/09 12:31 a.m. · 5 views

CVE-2024-13198 langhsu Mblog Blog System login observable response discrepancy

A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

CVSS 6.3 · AI score 6.9 · EPSS 0.00668
Exploits: 1 · References: 4

Cvelist
added 2025/01/09 12:31 a.m. · 15 views

CVE-2024-13198 langhsu Mblog Blog System login observable response discrepancy

A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

CVSS 6.3 · EPSS 0.00668
Exploits: 1 · References: 4

CNNVD
added 2025/01/09 12:00 a.m. · 3 views

E-Commerce-PHP injection vulnerability

E-Commerce-PHP is an e-commerce application using native PHP by the individual developer Kurnia Ramadhan Putra. An injection vulnerability exists in E-Commerce-PHP version 1.0, which stems from the blogid parameter of the file /blog-details.php that causes SQL injection...

CVSS 8 · AI score 6.4 · EPSS 0.0054
Exploits: 1 · References: 3

CNNVD
added 2025/01/09 12:00 a.m. · 2 views

SpringBoot-Blog code issue vulnerability

SpringBoot-Blog is a Java blog system by the individual developer wander-chu. A code issue vulnerability exists in SpringBoot-Blog version 1.0, which stems from the upload function in file src/main/java/com/my/blog/website/controller/admin/AttachtController.java that can lead to unrestricted uploads...

CVSS 7.2 · AI score 5.2 · EPSS 0.00492
Exploits: 1 · References: 5

CNNVD
added 2025/01/09 12:00 a.m. · 2 views

SpringBoot-Blog security vulnerability

SpringBoot-Blog is a Java blogging system by the individual developer wander-chu. A security vulnerability exists in SpringBoot-Blog version 1.0, which originates from the preHandle function in file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java that can lead to improper access contro...

CVSS 7.5 · AI score 7.4 · EPSS 0.00471
Exploits: 1 · References: 5

Positive Technologies
added 2025/01/09 12:00 a.m. · 3 views

PT-2025-2059 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0
Description: A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the upload function of the AttachtController.java file. The manipulation of the file...

CVSS 7.2 · AI score 7 · EPSS 0.00492
Exploits: 1 · References: 10

Positive Technologies
added 2025/01/09 12:00 a.m. · 3 views

PT-2025-2060 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0
Description: A vulnerability was found in the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The...

CVSS 5.4 · AI score 3.8 · EPSS 0.00389
Exploits: 1 · References: 10

Positive Technologies
added 2025/01/09 12:00 a.m. · 3 views

PT-2025-2058 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0
Description: A critical vulnerability was found in the HTTP POST Request Handler component, specifically affecting the preHandle function of the BaseInterceptor.java file. This leads to improper access...

CVSS 7.5 · AI score 7.1 · EPSS 0.00471
Exploits: 1 · References: 10

Positive Technologies
added 2025/01/09 12:00 a.m. · 15 views

PT-2025-2062 · Unknown · Kurniaramadhan E-Commerce-Php

Name of the Vulnerable Software and Affected Versions: kurniaramadhan E-Commerce-PHP version 1.0
Description: A critical issue affects an unknown functionality of the file /blog-details.php. The manipulation of the blog id argument leads to SQL injection. The attack can be launched remotely. The...

CVSS 8 · AI score 6.2 · EPSS 0.0054
Exploits: 1 · References: 8

Richard Bejtlich's blog
added 2025/01/08 1:50 p.m. · 7 views

Happy 22nd Birthday TaoSecurity Blog

Happy birthday TaoSecurity Blog, born on this day in 2003! The best way to digest the key lessons from this site is to browse my four volume Best of TaoSecurity Blog book series, published in 2020. It's available in print as seen here, or as a properly formatted HTML-based digital book -- none of...

AI score 7.1
Exploits: 0

Trend Micro Simply Security
added 2025/01/07 12:00 a.m. · 4 views

2024 Perspective: The Ultimate re:Invent Recap

Ashley & Danielle's Ultimate Recap...

AI score 7.3
Exploits: 0

OSV
added 2025/01/06 1:15 a.m. · 1 view

CVE-2024-13145

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack...

CVSS 9.8 · AI score 5.5 · EPSS 0.00411
Exploits: 1 · References: 5

NVD
added 2025/01/06 1:15 a.m. · 15 views

CVE-2024-13145

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack...

CVSS 9.8 · EPSS 0.00411
Exploits: 1 · References: 5

Vulnrichment
added 2025/01/06 12:31 a.m. · 8 views

CVE-2024-13145 zhenfeng13 My-Blog uploadController.java upload unrestricted upload

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack...

CVSS 6.5 · AI score 6.7 · EPSS 0.00411
Exploits: 1 · References: 5

CVE
added 2025/01/06 12:31 a.m. · 49 views

CVE-2024-13145

CVE-2024-13145 affects zhenfeng13 My-Blog 1.0. The vulnerability lies in the upload function (src/main/java/com/site/blog/my/core/controller/admin/uploadController.java): manipulation of the file parameter leads to unrestricted file upload. This enables remote exploitation. Multiple connected sou...

CVSS 9.8 · AI score 6.6 · EPSS 0.00411
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2025/01/06 12:31 a.m. · 23 views

CVE-2024-13145 zhenfeng13 My-Blog uploadController.java upload unrestricted upload

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack...

CVSS 6.5 · EPSS 0.00411
Exploits: 1 · References: 5