rawchen/blog-ssm

rawchen/blog-ssm

blog.rawchen.com

Releases0

Stars538

一个简单漂亮的博客系统 - SSM

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-40036 ↗	Jan 26, 2023Thursday, 26 January 2023, 21:16	6.5 MEDIUM	—
An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.
CVE-2022-40037 ↗	Jan 26, 2023Thursday, 26 January 2023, 21:16	9.8 CRITICAL	—
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
CVE-2022-40035 ↗	Jan 26, 2023Thursday, 26 January 2023, 21:16	8.8 HIGH	—
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.
CVE-2022-40034 ↗	Jan 23, 2023Monday, 23 January 2023, 22:15	5.4 MEDIUM	—
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.