CVE-2024-13145

Sažetak

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Reference

https://github.com/ZHENFENG13/My-Blog/issues/141
https://github.com/ZHENFENG13/My-Blog/issues/141#issue-2759820153
https://vuldb.com/?ctiid.290233
https://vuldb.com/?id.290233
https://vuldb.com/?submit.469221

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

06-01-2025 - 01:15

Objavljeno

06-01-2025 - 01:15