CVE-2025-13815

Name of the Vulnerable Software and Affected Versions Mogu Blog v2 versions up to 5.2

Description A weakness exists in Mogu Blog v2 up to version 5.2. This issue involves the manipulation of the filedatas argument within an unknown function of the /file/pictures endpoint, leading to unrestricted file upload. The attack can be initiated remotely. The exploit has been publicly released. The vendor was contacted regarding this issue but did not provide a response.

Recommendations Versions prior to 5.2 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.