CVE-2025-41429

Low CVSS: 2.1

a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.

Vendor

Appleple

Product

A-blog Cms

CWE

CWE-117

Yayın Tarihi

2025-05-19 09:15:25

Güncelleme

2025-09-30 19:05:09

Source Identifier

vultures@jpcert.or.jp

KEV Date Added

Kategoriler

CWE-117 A-blog Cms LOW Appleple 2025

Referanslar

https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html https://jvn.jp/en/vu/JVNVU90760614/

Benzer Kayıtlar

Medium

CVE-2025-27566

Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This…

Medium

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This iss…

Critical

CVE-2025-36560

Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a…

High

CVE-2025-29461

An issue in a-blogcms 3.1.15 allows a remote attacker to obtain sensitive information via the /bid/1/admin/entry-edit/ p…

High

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbi…