CVE-2025-5510 | quequnlong shiyi-blog up to 1.2.1 optimize url server-side request forgery

Inserito da Angelo Barbosa | Giu 3, 2025 | CVE

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery.

This vulnerability was named CVE-2025-5510. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-5510 | quequnlong shiyi-blog up to 1.2.1 optimize url server-side request forgery

Post correlati

CVE-2024-54506 | Apple macOS up to 15.1 DCP Firmware out-of-bounds write

CVE-2024-34703 | randombit botan up to 2.19.3 X.509 Certificate amplification (GHSA-w4g2-7m2h-7xj7)

CVE-2024-51030 | SourceCodester Cab Management System 1.0 manage_client.php id sql injection

CVE-2025-1026 | Spatie browsershot up to 5.0.4 URL Validation setUrl file inclusion (SNYK-PHP-SPATIEBROWSERSHOT-8533024)