6.5
CVE-2023-2101
- EPSS 0.85%
- Veröffentlicht 15.04.2023 13:15:45
- Zuletzt bearbeitet 21.11.2024 07:57:56
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginmoxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mogublog Project ≫ Mogublog Version <= 5.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.85% | 0.532 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| cna@vuldb.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-36 Absolute Path Traversal
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.
https://github.com/c3p0ooo-Yiqiyin/mogu_blog_v2/blob/main/README.md
https://github.com/moxi624/mogu_blog_v2/issues/97
https://vuldb.com/?ctiid.226109
https://vuldb.com/?id.226109