CVE-2025-60319

Medium CVSS: 6.5

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

Vendor

Perfree

Product

Perfreeblog

CWE

CWE-918

Yayın Tarihi

2025-10-30 17:15:38

Güncelleme

2025-12-09 18:28:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-918 Perfreeblog MEDIUM Perfree 2025

Referanslar

https://github.com/PerfreeBlog/PerfreeBlog/commit/103c79165e3a41a1729188fdc8a1e90c97c0a06d https://github.com/PerfreeBlog/PerfreeBlog/issues/20

Benzer Kayıtlar

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

High

CVE-2025-60735

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Medium

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

High

CVE-2025-29421

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.