CVE-2025-29281

High CVSS: 8.8

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

Vendor

Perfree

Product

Perfreeblog

CWE

CWE-94

Yayın Tarihi

2025-04-15 15:16:08

Güncelleme

2025-06-24 15:17:53

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 Perfreeblog HIGH Perfree 2025

Referanslar

https://github.com/Cray0nLee/CVE/issues/2

Benzer Kayıtlar

Medium

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttac…

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

High

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Medium

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.