Filtered by vendor Blog Project
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-14346 | 1 Blog Project | 1 Blog | 2024-09-17 | N/A |
| upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | ||||
| CVE-2017-14345 | 1 Blog Project | 1 Blog | 2024-09-17 | N/A |
| SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | ||||
| CVE-2022-23626 | 1 Blog Project | 1 Blog | 2024-08-03 | 8.5 High |
| m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | ||||
Page 1 of 1.