CVE-2025-5406 | chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 posts.php?source=add_post image unrestricted upload

A vulnerability, which was classified as critical, was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. Affected is an unknown function of the file /admin/posts.php?source=add_post. The manipulation of the argument image leads to unrestricted upload.

This vulnerability is traded as CVE-2025-5406. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5406 | chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 posts.php?source=add_post image unrestricted upload

Post correlati

CVE-2024-51054 | PHPGurukul Online Marriage Registration System 1.0 POST Request Parameter /omrs/admin/search.php searchdata cross site scripting

CVE-2024-7305 | Autodesk AutoCAD 2025 DWF File AdDwfPdk.dll out-of-bounds write

CVE-2024-51502 | bearcove loona up to 0.4.2 loona-hpack exceptional condition (ID 11)

CVE-2024-23179 | MediaWiki up to 1.40.1 GlobalBlocking Extension Special:GlobalBlock uselang cross site scripting