CVE-2025-27566

Medium CVSS: 5.1

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.

Vendor

Appleple

Product

A-blog Cms

CWE

CWE-22

Yayın Tarihi

2025-05-19 09:15:24

Güncelleme

2025-09-30 19:22:01

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-22 A-blog Cms MEDIUM Appleple 2025

Referanslar

https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html https://jvn.jp/en/vu/JVNVU90760614/

Benzer Kayıtlar

Low

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remot…

Medium

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This iss…

Critical

CVE-2025-36560

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a…

High

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ p…

High

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbi…