
7703 matches found

OSV
added 2025/01/06 12:15 a.m. · 1 views

CVE-2024-13144

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It...

9.8 CVSS · 5.5 AI score · 0.00411 EPSS
Exploits 1 · References 5
NVD
added 2025/01/06 12:15 a.m. · 12 views

CVE-2024-13144

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It...

9.8 CVSS · 0.00411 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/01/06 12:0 a.m. · 9 views

CVE-2024-13144 zhenfeng13 My-Blog BlogController.java uploadFileByEditomd unrestricted upload

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It...

6.5 CVSS · 7 AI score · 0.00411 EPSS
Exploits 1 · References 5
Cvelist
added 2025/01/06 12:0 a.m. · 18 views

CVE-2024-13144 zhenfeng13 My-Blog BlogController.java uploadFileByEditomd unrestricted upload

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It...

6.5 CVSS · 0.00411 EPSS
Exploits 1 · References 5
CVE
added 2025/01/06 12:0 a.m. · 49 views

CVE-2024-13144

CVE-2024-13144 affects zhenfeng13 My-Blog 1.0. The vulnerability is in the function uploadFileByEditomd of src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. Manipulating the argument editormd-image-file leads to unrestricted upload, allowing remote exploitation. Multiple c...

9.8 CVSS · 6.5 AI score · 0.00411 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2025/01/06 12:0 a.m. · 3 views

PT-2025-2030 · Unknown · Zhenfeng13 My-Blog

Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0 Description: A critical vulnerability has been found in the software. It affects the uploadFileByEditomd function in the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The...

9.8 CVSS · 6.7 AI score · 0.00411 EPSS
Exploits 1 · References 12
CNNVD
added 2025/01/06 12:0 a.m. · 7 views

Z-BlogPHP Security Vulnerability

Z-BlogPHP is an open source PHP-based blogging system for the Z-Blog community. A security vulnerability exists in Z-BlogPHP version 1.7.3, which stems from vulnerability to arbitrary code attack via zbusers hemeshell emplate execution...

9.8 CVSS · 7.3 AI score · 0.00594 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/06 12:0 a.m. · 3 views

My-Blog Code Issue Vulnerability

My-Blog is a Java blog system implemented by SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. A code issue exists in My-Blog version 1.0, which stems from an incorrect operation of the parameter editormd-image-fil...

9.8 CVSS · 6.6 AI score · 0.00411 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/01/06 12:0 a.m. · 4 views

PT-2025-2031 · Unknown · Zhenfeng13 My-Blog

Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0 Description: A critical vulnerability was found in the upload function of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the file argument leads to...

9.8 CVSS · 6.7 AI score · 0.00411 EPSS
Exploits 1 · References 10
CNNVD
added 2025/01/06 12:0 a.m. · 7 views

My-Blog Code Issue Vulnerability

My-Blog is a Java blog system implemented by SpringBoot + Mybatis + Thymeleaf and other technologies, with beautiful pages, full functionality, easy deployment and perfect code. A code issue vulnerability exists in My-Blog version 1.0, which stems from improper handling of the file parameter,...

9.8 CVSS · 6.6 AI score · 0.00411 EPSS
Exploits 1 · References 5
Schneier on Security
added 2025/01/03 10:4 p.m. · 8 views

Friday Squid Blogging: Anniversary Post

I made my first squid post nineteen years ago this week. Between then and now, I posted something about squid every week with maybe only a few exceptions. There is a lot out there about squid, even more if you count the other meanings of the word. Blog moderation policy...

7.3 AI score
Exploits 0
NVD
added 2025/01/02 2:15 p.m. · 12 views

CVE-2024-38732

Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery. This issue affects Patricia Blog: from n/a through 1.2...

4.3 CVSS · 0.00171 EPSS
Exploits 0 · References 1
Cvelist
added 2025/01/02 1:23 p.m. · 19 views

CVE-2024-38732 WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery. This issue affects Patricia Blog: from n/a through 1.2...

4.3 CVSS · 0.00171 EPSS
Exploits 0 · References 1
CVE
added 2025/01/02 1:23 p.m. · 42 views

CVE-2024-38732

CVE-2024-38732: CSRF vulnerability in VolThemes Patricia Blog theme for WordPress, affecting Patricia Blog versions from n/a through 1.2. Documented CVSS 3.1 base score 4.3 (Medium). Root cause: cross-site request forgery in Patricia Blog; no details on exploit vectors, affected endpoints, or ava...

4.3 CVSS · 5.1 AI score · 0.00171 EPSS
Exploits 0 · References 1
CNNVD
added 2025/01/02 12:0 a.m. · 3 views

WordPress plugin Patricia Blog Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

4.3 CVSS · 6.6 AI score · 0.00171 EPSS
Exploits 0 · References 1
Krebs on Security
added 2024/12/29 11:48 p.m. · 8 views

Happy 15th Anniversary, KrebsOnSecurity!

Image: Shutterstock, Dreamansions. KrebsOnSecurity.com turns 15 years old today! Maybe it's indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024's most engrossing security stories were about bad things happening to bad guys. It's also ...

7 AI score
Exploits 0
Schneier on Security
added 2024/12/26 4:9 p.m. · 10 views

Scams Based on Fake Google Emails

Scammers are hacking Google Forms to send email to victims that come from google.com. Brian Krebs reports on the effects. Boing Boing post...

7.2 AI score
Exploits 0
OSV
added 2024/12/25 7:15 a.m. · 3 views

CVE-2024-12335

The Avada Fusion Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handleclonepost function and the 'fusionblog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for...

4.3 CVSS · 5.8 AI score
Exploits 0 · References 2
CNNVD
added 2024/12/25 12:0 a.m. · 2 views

WordPress plugin Avada Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

4.3 CVSS · 8.1 AI score · 0.00352 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/12/25 12:0 a.m. · 3 views

PT-2024-17549 · WordPress · Avada (Fusion) Builder

Name of the Vulnerable Software and Affected Versions: Avada Fusion Builder plugin for WordPress versions up to, and including, 3.11.12 Description: The issue allows authenticated attackers with contributor-level access and above to extract data from password protected, private, or draft posts th...

4.3 CVSS · 9.6 AI score · 0.00352 EPSS
Exploits 0 · References 7