Blog

blog

Vendor: Blog Project • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-23626 1Blog Project 1Blog Nov 21, 2024 Feb 8, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom` and `image` have not been checked properly. Although PHP issued warnings and the upload function returned `false...Show more m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom` and `image` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.Show less
CVE-2017-14346 1Blog Project 1Blog May 13, 2026 Sep 12, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.
CVE-2017-14345 1Blog Project 1Blog May 13, 2026 Sep 12, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.