Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Blog Project Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23626 1 Blog Project 1 Blog 2022-10-06 6.5 MEDIUM 8.8 HIGH
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2017-14346 1 Blog Project 1 Blog 2017-09-26 7.5 HIGH 9.8 CRITICAL
upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVE-2017-14345 1 Blog Project 1 Blog 2017-09-21 7.5 HIGH 9.8 CRITICAL
SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.