exploitDog

CVE-2025-28101

Опубликовано: 17 апр. 2025

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.

Ссылки

https://gist.github.com/coleak2021/cecfc757bc77038717c3e7b40e2d66ce
Third Party Advisory
https://github.com/DogukanUrker/flaskBlog/issues/130
Exploit
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dogukanurker:flaskblog:2.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00079

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-mrgc-7pv6-7gc9

CVSS3: 6.5

github

10 месяцев назад

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.

EPSS

Процентиль: 24%

0.00079

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-352