124 matches found
CVE-2023-40825
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
EUVD-2025-37024
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
PT-2025-44429
Name of the Vulnerable Software and Affected Versions PerfreeBlog version 4.0.11 Description The software contains a Server-Side Request Forgery condition resulting from a missing authorization check. This issue affects the uploadAttachByUrl API endpoint located in the AttachController.java file...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source, a java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 4.0.11, which stems from a lack of authorization checking in the uploadAttachByUrl API endpoint, which could lead to server-side request forgery...
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
CVE-2025-60319
PerfreeBlog v4.0.11 is affected by CVE-2025-60319, a Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl endpoint (AttachController.java). The issue enables SSRF via the /uploadAttachByUrl API, with a CVSS v3.1 base score of 6.5 (MEDIUM) and network attack ve...
CVE-2025-60729
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...
CVE-2025-60731
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function...
CVE-2025-60735
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function...
CVE-2025-60730
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source a java-based development of the blog / CMS site building platform. PerfreeBlog 4.0.11 version of a security vulnerability , the vulnerability stems from validThemeFilePath function has an arbitrary file read problem...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source a java-based development of blog/CMS site building platform. PerfreeBlog v4.0.11 version of a security vulnerability , the vulnerability stems from the unInstallTheme function has an arbitrary file deletion vulnerability...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source a java-based development of blog/CMS site building platform. PerfreeBlog v4.0.11 version of a security vulnerability , the vulnerability stems from installPlugin function has a file upload vulnerability...
PerfreeBlog 安全漏洞
PerfreeBlog is PerfreeBlog open source a java-based development of blog/CMS site building platform. PerfreeBlog v4.0.11 version of a security vulnerability , the vulnerability stems from installTheme function has a file upload vulnerability...
EUVD-2025-35860
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...
EUVD-2025-35886
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function...