CVE-2025-60735

High CVSS: 7.6

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function

Vendor

Product

CWE

Yayın Tarihi

2025-10-24 18:15:41

Güncelleme

2025-10-27 17:43:58

Source Identifier

cve@mitre.org

KEV Date Added

CWE-434 Perfreeblog HIGH Perfree 2025

http://perfreeblog.com https://github.com/dengxmenglihua/cve/blob/main/PerfreeBlog/File%20Upload%202/Arbitrary%20File%20Upload%20Vulnerability%20in%20PerfreeBlog%20System.md https://perfree.org.cn/

Medium

CVE-2025-60319

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttac…

High

CVE-2025-60731

PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function

Medium

CVE-2025-60729

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function

High

CVE-2025-60730

PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function

High

CVE-2025-29420

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.

High

CVE-2025-29421

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.