PT-2025-23433 · Unknown · Chaitak-Gorai Blogbook

Bpy9Ft · Published 2025-06-01 · Updated 2025-06-01 · CVE-2025-5406

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513
Description: A critical vulnerability was found in chaitak-gorai Blogbook. The issue affects an unknown function of the file /admin/posts.php?source=add post, where the manipulation of the image argument leads to unrestricted upload. This can be exploited remotely. The exploit has been disclosed publicly.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Improper Access Control, Unrestricted File Upload

Related Identifiers: CVE-2025-5406

Affected Products: Chaitak-Gorai Blogbook