PT-2022-16140 · Unknown · M1K1O/Blog
Bao104
+1
·
Published
2022-02-08
·
Updated
2023-07-13
·
CVE-2022-23626
CVSS v3.1
8.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
m1k1o/blog (affected versions not specified)
Description
The issue concerns a lightweight self-hosted PHP blog, where errors from functions
imagecreatefrom* and image* have not been checked properly. Although PHP issued warnings and the upload function returned false, the original file, which could contain a malicious payload, was kept on the disk. Users are advised to upgrade as soon as possible.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unchecked Return Value
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
M1K1O/Blog