8 matches found
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
m1k1o Blog v.10 - Remote Code Execution Exploit
Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626 import argparse...
m1k1o's Blog v.10 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: m1k1o's Blog v.10 - Remote Code Execution RCE Authenticated Date: 2022-01-06 Exploit Author: Malte V Vendor Homepage: https://github.com/m1k1o/blog Software Link: https://github.com/m1k1o/blog/archive/refs/tags/v1.3.zip Version: 1.3 and below Tested on: Linux CVE : CVE-2022-23626...
CVE-2022-23626
creationtimestamp| type| source ---|---|--- 2022-02-09 00:15:27+00:00| seen| https://t.me/cibsecurity/37028...
CVE-2022-23626
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2022-23626 Insufficient file checks in m1k1o/blog
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2022-23626 Insufficient file checks in m1k1o/blog
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...
CVE-2022-23626
Vulnerability: CVE-2022-23626 in m1k1o/blog (PHP blog) where errors from imagecreatefrom* / image* were not checked, allowing the original uploaded file to remain on disk despite PHP warnings. Impact described as potential exposure of malicious payloads stored on disk; remediation advised is upgr...