141 matches found
OneBlog License Issues Vulnerabilities
OneBlog is a beautiful, powerful Java blog. An authorization issue vulnerability exists in OneBlog v2.3.4, which stems from the presence of insecure privileges in the program, and can be exploited by an attacker to allow a low-level administrator to reset the password of a high-level administrato...
OneBlog entryUrls parameter server-side request forgery vulnerability
OneBlog is a Java blog. Version v2.3.4 of OneBlog contains a server-side request forgery vulnerability in which the source parameter entryUrls fails to properly validate user input and can be exploited to probe the server's intranet resources...
OneBlog Logo Parameter Server-Side Request Forgery Vulnerability
OneBlog is a beautiful and powerful Java blog. A server-side request forgery vulnerability exists in OneBlog v2.3.4. The vulnerability stems from the Logo parameter under the Link module failing to correctly validate user input, and an attacker can use the vulnerability to probe the server...
CVE-2022-34012
Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges...
CVE-2022-34013
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
CVE-2022-34013
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
CVE-2022-34011
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls...
CVE-2022-34012
Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges...
CVE-2022-34011
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls...
CVE-2022-34013
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
CVE-2022-34012
Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges...
CVE-2022-34011
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls...
Server-Side Request Forgery (SSRF)
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls...
Design/Logic Flaw
Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges...
Server-Side Request Forgery (SSRF)
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
CVE-2022-34013
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module...
CVE-2022-34013
CVE-2022-34013 affects OneBlog v2.3.4, where a Server-Side Request Forgery (SSRF) vulnerability exists via the Logo parameter in the Link module. The issue stems from insufficient validation of user input in this parameter, enabling an attacker to trigger SSRF against internal resources. Publicly...
CVE-2022-34011
CVE-2022-34011 refers to a Server-Side Request Forgery (SSRF) in OneBlog v2.3.4. The vulnerability is triggered through the entryUrls parameter, which fails to properly validate user input, allowing an attacker to induce requests from the affected server and potentially probe the server’s intrane...
CVE-2022-34011
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls...
CVE-2022-34012
CVE-2022-34012 affects OneBlog v2.3.4. The issue is insecure permissions that let low-privilege administrators reset passwords of higher-privilege admins, implying a privilege-override flaw in authorization controls. The root cause is improper privilege checks within OneBlog’s admin flows. Docume...