Appleple ≫ A-blog Cms

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

7.2

CVE-2025-27566

EPSS 0.09%
Veröffentlicht 19.05.2025 08:09:26
Zuletzt bearbeitet 30.09.2025 19:22:01

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If thi...

5.4

CVE-2025-32999

EPSS 0.05%
Veröffentlicht 19.05.2025 08:08:51
Zuletzt bearbeitet 30.09.2025 19:20:42

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If t...

7.5

CVE-2025-36560

EPSS 0.07%
Veröffentlicht 19.05.2025 08:08:00
Zuletzt bearbeitet 30.09.2025 19:14:19

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.

9.8

CVE-2025-41429

EPSS 0.06%
Veröffentlicht 19.05.2025 08:07:38
Zuletzt bearbeitet 30.09.2025 19:05:09

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.

7.5

CVE-2025-31103

EPSS 0.06%
Veröffentlicht 31.03.2025 05:15:16
Zuletzt bearbeitet 13.05.2025 15:15:19

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.

6.6

CVE-2024-31396

EPSS 0.55%
Veröffentlicht 22.05.2024 05:15:53
Zuletzt bearbeitet 12.05.2025 14:23:37

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to ...

6.1

CVE-2024-31395

EPSS 0.69%
Veröffentlicht 22.05.2024 05:15:53
Zuletzt bearbeitet 12.05.2025 14:23:17

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, an...

6.5

CVE-2024-31394

EPSS 0.95%
Veröffentlicht 22.05.2024 05:15:53
Zuletzt bearbeitet 12.05.2025 14:23:14

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and...

4.4

CVE-2024-30420

EPSS 0.21%
Veröffentlicht 22.05.2024 05:15:52
Zuletzt bearbeitet 12.05.2025 14:23:35

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privileg...

5.4

CVE-2024-30419

EPSS 0.72%
Veröffentlicht 22.05.2024 05:15:52
Zuletzt bearbeitet 12.05.2025 14:23:06

123>