moxi624/mogu_blog_v2

Releases: 9
Frequency: 3 weeks 1 day
Last Release
Stars: 1.8K
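Mogu Blog (MoguBlog), a blog system built on a microservice architecture with separate front end and back end. The web client uses Vue + Element, and the mobile client uses uniapp and ColorUI. The back end is developed with Spring Cloud + Spring Boot + mybatis-plus, uses JWT + Spring Security for login authentication and permission checks, uses ElasticSearch and Solr as full-text search services, uses GitHub Actions for the blog's continuous integration, and uses ELK to collect blog logs. Files can be uploaded to Qiniu Cloud and Minio, and one-click deployment with Docker Compose scripts is supported.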

CVE History

CVE | Published | CVSS v3 | CVSS v2

CVSS v3: 4.3 MEDIUM | CVSS v2: 4 MEDIUM

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.

CVSS v3: 6.1 MEDIUM | CVSS v2: 4.3 MEDIUM

Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).

CVSS v3: 9.8 CRITICAL | CVSS v2: 7.5 HIGH

mogu_blog_cms 5.2 allows arbitrary files to be uploaded without any limitation.