PT-2025-44429 · Unknown · Perfreeblog
Published: 2025-10-30 · Updated: 2025-12-09 · CVE-2025-60319
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
PerfreeBlog version 4.0.11
Description
The software contains a Server-Side Request Forgery condition resulting from a missing authorization check. This issue affects the uploadAttachByUrl API endpoint located in the AttachController.java file. The vulnerability allows for potentially malicious requests to be made on behalf of the server.
API Endpoints
/uploadAttachByUrl
Recommendations
Apply a fix to implement proper authorization checks for the uploadAttachByUrl API endpoint in the AttachController.java file.
Fix
SSRF
Weakness Enumeration
Related Identifiers
Affected Products
Perfreeblog