CVE-2024-13145

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions zhenfeng13 My-Blog version 1.0

Description A critical vulnerability was found in the upload function of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the file argument leads to unrestricted upload. The attack can be launched remotely.

Recommendations For zhenfeng13 My-Blog version 1.0, as a temporary workaround, consider disabling the upload function in the uploadController.java file until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-434

Related Identifiers

CVE-2024-13145

Affected Products

Zhenfeng13 My-Blog

CVE-2024-13145

Weakness Enumeration

Related Identifiers

Affected Products

References · 11