CVE-2025-2835

Medium CVSS: 5.3

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendor

Zhyd

Product

Oneblog

CWE

CWE-918

Yayın Tarihi

2025-03-27 04:15:25

Güncelleme

2025-04-01 15:43:38

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-918 Oneblog MEDIUM Zhyd 2025

Referanslar

https://github.com/zhangyd-c/OneBlog/issues/36 https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 https://vuldb.com/?ctiid.301471 https://vuldb.com/?id.301471 https://vuldb.com/?submit.521815 https://github.com/zhangyd-c/OneBlog/issues/36 https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259

Benzer Kayıtlar

Critical

CVE-2025-60355

zhangyd-c OneBlog v2.3.9 and before was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.

High

CVE-2025-56264

The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.

Medium

CVE-2025-2833

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknow…

High

CVE-2024-54954

OneBlog v2.3.6 was discovered to contain a template injection vulnerability via the template management department.