CVE-2025-29420

High CVSS: 7.5

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

Vendor

Product

CWE

Yayın Tarihi

2025-08-25 17:15:29

Güncelleme

2025-08-26 20:59:57

Source Identifier

cve@mitre.org

KEV Date Added

CWE-22 Perfreeblog HIGH Perfree 2025

https://github.com/147536951/Qiany1/blob/main/Perfreeblog_1.pdf

Medium

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttac…

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

High

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Medium

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29421

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.