CVE-2024-54954

High CVSS: 8.0

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.

Vendor

Product

CWE

Yayın Tarihi

2025-02-10 18:15:29

Güncelleme

2025-03-28 16:49:01

Source Identifier

cve@mitre.org

KEV Date Added

CWE-1336 Oneblog HIGH Zhyd 2025

https://gist.github.com/kaoniniang2/03658cc78e789b992b378f4951bedfb7 https://gitee.com/yadong.zhang/DBlog/issues/IB6552

Critical

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

High

CVE-2025-56264

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.

Medium

CVE-2025-2835

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulner…

Medium

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknow…