CVE-2024-13144 | zhenfeng13 My-Blog 1.0 BlogController.java uploadFileByEditomd editormd-image-file unrestricted upload

Inserito da Angelo Barbosa | Gen 5, 2025 | CVE

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload.

This vulnerability is traded as CVE-2024-13144. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-13144 | zhenfeng13 My-Blog 1.0 BlogController.java uploadFileByEditomd editormd-image-file unrestricted upload

Post correlati

CVE-2024-24815 | CKeditor4 up to 4.23.x HTML Parsing Module cross site scripting (GHSA-fq6h-4g8v-qqvm)

CVE-2024-11666 | hardy-barth cph2_echarge_firmware up to 2.0.4 data authenticity

CVE-2024-37453 | ProfileGrid User Profiles ProfileGrid Plugin up to 5.8.7 on WordPress authorization

CVE-2024-25972 | Zhejiang Uniview Technologies OET-213H-BTS1 initialization