Perfreeblog | Follow the latest news from the world of technology and security-related developments.

Category: Perfreeblog - CVE list
PRODUCT 10 records

Medium CVSS: 6.5

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

High CVSS: 7.6

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function.

High CVSS: 7.6

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function.

High CVSS: 7.6

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function.

Medium CVSS: 5.3

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function.

High CVSS: 7.5

CVE-2025-29421

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.

High CVSS: 7.5

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

Medium CVSS: 6.3

CVE-2025-5164

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key. The attack ca…

High CVSS: 8.8

CVE-2025-29281

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

Medium CVSS: 4.8

CVE-2025-29280

A stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system settings interface, allowing an attacker to insert and execute arbitrary malicious code.