Описание
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
Ссылки
- Patch
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:perfree:perfreeblog:4.0.11:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00056
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-918
Связанные уязвимости
CVSS3: 6.5
github
3 месяца назад
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
EPSS
Процентиль: 17%
0.00056
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-918