CVE-2025-60319

Published October 30th, 2025

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).

PerfreeBlog/PerfreeBlog

PerfreeBlog是一款基于java开发的博客/CMS建站平台,丰富的主题支持及扩展插件功能,给您带来全新的创作体验~

GitHub

104