Qumh

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A Server-Side Request Forgery (SSRF) issue was discovered, which can be exploited via the `entryUrls` parameter. This allows an attacker to forge requests from the server, potentially leading to unauthorized access to internal resources. **Recommendations** For OneBlog version 2.3.4, as a temporary workaround, consider restricting access to the `entryUrls` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** The issue allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges due to insecure permissions. **Recommendations** For OneBlog version 2.3.4, update the permissions settings to restrict low-level administrators from resetting passwords of high-level administrators. As a temporary workaround, consider restricting access to the password reset functionality until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** OneBlog version 2.3.4 **Description** A Server-Side Request Forgery (SSRF) issue was discovered, which can be exploited via the `Logo` parameter under the Link module. This allows for potentially malicious requests to be made from the server. **Recommendations** For OneBlog version 2.3.4, consider restricting access to the Link module or disabling the `Logo` parameter until a fix is available. As a temporary workaround, avoid using the `Logo` parameter in the Link module to minimize the risk of exploitation.