Bao104

**Name of the Vulnerable Software and Affected Versions** m1k1o/blog (affected versions not specified) **Description** The issue concerns a lightweight self-hosted PHP blog, where errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file, which could contain a malicious payload, was kept on the disk. Users are advised to upgrade as soon as possible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.