9 matches found
PerfreeBlog Security Vulnerability
PerfreeBlog is an open-source, Java-based blog/CMS site-building platform. PerfreeBlog v4.0.11 contains a security vulnerability that stems from a file upload vulnerability in the installPlugin function...
EUVD-2025-35861
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function...
CVE-2025-60735
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function...
CVE-2025-60735
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function...
CVE-2025-60735
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function...
PT-2025-43664
Name of the Vulnerable Software and Affected Versions: PerfreeBlog version 4.0.11. Description: PerfreeBlog version 4.0.11 contains a File Upload issue within the installPlugin function. This allows for potential unauthorized file uploads. Recommendations: Update to a newer version that contains a fi...
CVE-2025-60735
PerfreeBlog v4.0.11 is affected by a File Upload vulnerability in the installPlugin function. The CVE-2025-60735 entry documents a network-accessible issue with high impact on confidentiality and low on integrity/availability (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). Connected reports from...
GHSA-C9M9-48PW-6MPV apiconnect-cli-plugins vulnerable to OS Command Injection
apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. PoC (js): var root = require("apiconnect-cli-plugins"); var payload = "& touch Song &"; root.pluginLoader.installPlugin(payload, ""); The injection point is...
OS Command Injection
strapi is vulnerable to OS Command Injection. The vulnerability exists as it does not sanitize nor validate plugin names in installPlugin and uninstallPlugin...