Lucene search
+L

7 matches found

NVD
NVD
added 2022/02/08 10:15 p.m.42 views

CVE-2022-23626

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...

8.8CVSS0.09874EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2022/02/08 10:0 p.m.11 views

CVE-2022-23626 Insufficient file checks in m1k1o/blog

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...

8.5CVSS8.8AI score0.09874EPSS
Exploits4References3
Cvelist
Cvelist
added 2022/02/08 10:0 p.m.45 views

CVE-2022-23626 Insufficient file checks in m1k1o/blog

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...

8.5CVSS9AI score0.09874EPSS
Exploits4References3
CVE
CVE
added 2022/02/08 10:0 p.m.134 views

CVE-2022-23626

Vulnerability: CVE-2022-23626 in m1k1o/blog (PHP blog) where errors from imagecreatefrom* / image* were not checked, allowing the original uploaded file to remain on disk despite PHP warnings. Impact described as potential exposure of malicious payloads stored on disk; remediation advised is upgr...

8.8CVSS8.7AI score0.09874EPSS
Exploits4References3Affected Software1
OSV
OSV
added 2022/02/08 10:0 p.m.29 views

CVE-2022-23626 Insufficient file checks in m1k1o/blog

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file that could contain a malicious payload was kept on the disk. Use...

8.5CVSS8.4AI score0.09874EPSS
Exploits4References5
CNNVD
CNNVD
added 2022/02/08 12:0 a.m.4 views

M1k1o Blog 输入验证错误漏洞

M1k1o Blog is a simple self-hosted, lightweight, single-user PHP blog where you can create your own Facebook-like feed. An input validation error vulnerability exists in M1k1o Blog, which stems from an error in the product functions imagecreatefrom and image that is not properly checked...

8.8CVSS7.9AI score0.09874EPSS
Exploits4References7
Positive Technologies
Positive Technologies
added 2022/02/08 12:0 a.m.4 views

PT-2022-16140 · Unknown · M1K1O/Blog

Name of the Vulnerable Software and Affected Versions: m1k1o/blog affected versions not specified Description: The issue concerns a lightweight self-hosted PHP blog, where errors from functions imagecreatefrom and image have not been checked properly. Although PHP issued warnings and the upload...

8.8CVSS8.6AI score0.09874EPSS
Exploits4References8
Rows per page
Query Builder