Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-23626 | 1 Blog Project | 1 Blog | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | |||||
CVE-2017-14346 | 1 Blog Project | 1 Blog | 2017-09-26 | 7.5 HIGH | 9.8 CRITICAL |
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | |||||
CVE-2017-14345 | 1 Blog Project | 1 Blog | 2017-09-21 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. |