Filtered by vendor Blog Project Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-23626 1 Blog Project 1 Blog 2024-11-21 8.5 High
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2017-14346 1 Blog Project 1 Blog 2024-11-21 N/A
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVE-2017-14345 1 Blog Project 1 Blog 2024-11-21 N/A
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.