CVE-2025-36560

Critical CVSS: 9.2

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.

Vendor

Appleple

Product

A-blog Cms

CWE

CWE-918

Yayın Tarihi

2025-05-19 09:15:24

Güncelleme

2025-09-30 19:14:19

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-918 A-blog Cms CRITICAL Appleple 2025

Referanslar

https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html https://jvn.jp/en/vu/JVNVU90760614/

Benzer Kayıtlar

Low

CVE-2025-41429

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remot…

Medium

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This…

Medium

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This iss…

High

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ p…

High

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbi…