CVE-2024-13144

Name of the Vulnerable Software and Affected Versions zhenfeng13 My-Blog version 1.0

Description A critical vulnerability has been found in the software. It affects the uploadFileByEditomd function in the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For zhenfeng13 My-Blog version 1.0, as a temporary workaround, consider disabling the uploadFileByEditomd function until a patch is available. Restrict access to the editormd-image-file argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.