PT-2022-21969 · Oneblog · Oneblog
Qumh · Published 2022-06-23 · Updated 2022-06-29
CVE-2022-34013 · CVSS v3.1 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OneBlog version 2.3.4
Description
A Server-Side Request Forgery (SSRF) vulnerability was discovered in the Logo parameter of the Link module. By supplying a crafted value for this parameter, a low-privileged user can cause the server to issue requests to destinations it would not otherwise contact, including internal services reachable only from the server itself.
Recommendations
For OneBlog version 2.3.4, restrict access to the Link module or disable the Logo parameter until a fix is available. As a temporary workaround, avoid using the Logo parameter in the Link module to reduce the risk of exploitation.
Exploit
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Oneblog