exploitDog

GHSA-h976-6mc8-5w2v

Опубликовано: 30 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

Ссылки

EPSS

Процентиль: 18%

0.00056

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-918

Связанные уязвимости

CVE-2025-60319

CVSS3: 6.5

nvd

3 месяца назад

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

EPSS

Процентиль: 18%

0.00056

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-918