Filtered by vendor Blog Project
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-23626 | 1 Blog Project | 1 Blog | 2024-11-21 | 8.5 High |
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | ||||
CVE-2017-14346 | 1 Blog Project | 1 Blog | 2024-11-21 | N/A |
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | ||||
CVE-2017-14345 | 1 Blog Project | 1 Blog | 2024-11-21 | N/A |
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. |
Page 1 of 1.