Appleple

A-blog Cms

26 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-27566

  • EPSS 0.09%
  • Published 19.05.2025 08:09:26
  • Last modified 30.09.2025 19:22:01

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If thi...

5.4

CVE-2025-32999

  • EPSS 0.05%
  • Published 19.05.2025 08:08:51
  • Last modified 30.09.2025 19:20:42

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If t...

7.5

CVE-2025-36560

  • EPSS 0.07%
  • Published 19.05.2025 08:08:00
  • Last modified 30.09.2025 19:14:19

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.

9.8

CVE-2025-41429

  • EPSS 0.06%
  • Published 19.05.2025 08:07:38
  • Last modified 30.09.2025 19:05:09

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.

7.5

CVE-2025-31103

  • EPSS 0.06%
  • Published 31.03.2025 05:15:16
  • Last modified 13.05.2025 15:15:19

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.

6.6

CVE-2024-31396

  • EPSS 0.55%
  • Published 22.05.2024 05:15:53
  • Last modified 12.05.2025 14:23:37

Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to ...

6.1

CVE-2024-31395

  • EPSS 0.69%
  • Published 22.05.2024 05:15:53
  • Last modified 12.05.2025 14:23:17

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, an...

6.5

CVE-2024-31394

  • EPSS 0.95%
  • Published 22.05.2024 05:15:53
  • Last modified 12.05.2025 14:23:14

Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and...

4.4

CVE-2024-30420

  • EPSS 0.21%
  • Published 22.05.2024 05:15:52
  • Last modified 12.05.2025 14:23:35

Server-side request forgery (SSRF) vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privileg...

5.4

CVE-2024-30419

  • EPSS 0.72%
  • Published 22.05.2024 05:15:52
  • Last modified 12.05.2025 14:23:06

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, an...