CVE-2023-2101
Published
CVSS v3
4.3
MEDIUM
CVSS v2
4
MEDIUM
Affected
2
PROJECTS
Description
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.
蘑菇博客(MoguBlog),一个基于微服务架构的前后端分离博客系统。Web端使用Vue + Element , 移动端使用uniapp和ColorUI。后端使用Spring cloud + Spring boot + mybatis-plus进行开发,使用 Jwt + Spring Security做登录验证和权限校验,使用ElasticSearch和Solr作为全文检索服务,使用Github Actions完成博客的持续集成,使用ELK收集博客日志,文件支持上传七牛云和Minio,支持Docker Compose脚本一键部署。
GitHubGitHub