CVE-2025-31103

High CVSS: 7.5

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.

Vendor

Appleple

Product

A-blog Cms

CWE

CWE-502

Yayın Tarihi

2025-03-31 05:15:16

Güncelleme

2025-05-13 15:15:19

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-502 A-blog Cms HIGH Appleple 2025

Referanslar

https://developer.a-blogcms.jp/blog/news/entry-4197.html https://developer.a-blogcms.jp/blog/news/security-update202503.html https://jvn.jp/en/jp/JVN66982699/

Benzer Kayıtlar

Low

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remot…

Medium

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This…

Medium

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This iss…

Critical

CVE-2025-36560

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a…

High

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ p…