m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-02-08T22:00:12
Updated: 2024-08-03T03:51:45.605Z
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23626
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-08T22:15:07.817
Modified: 2024-11-21T06:48:57.877
Link: CVE-2022-23626
Redhat
No data.