CVE-2024-13144 | zhenfeng13 My-Blog 1.0 BlogController.java uploadFileByEditomd editormd-image-file unrestricted upload

Posted by Angelo Barbosa | Jan 5, 2025 | CVE

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload.

This vulnerability is traded as CVE-2024-13144. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

CVE-2024-13144 | zhenfeng13 My-Blog 1.0 BlogController.java uploadFileByEditomd editormd-image-file unrestricted upload

Related Posts

CVE-2024-28921 | Microsoft unknown vulnerability

CVE-2023-6415 | Voovi Social Networking Script 1.0 signin.php user sql injection

CVE-2024-2706 | Tenda AC10U 15.03.06.49 /goform/WifiWpsStart formWifiWpsStart index stack-based overflow

CVE-2024-40782 | Apple tvOS Web use after free