CVE-2022-23626: Insufficient checking of uploaded files

m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from the imagecreatefrom* and image* functions were not checked properly. Although PHP issued warnings and the upload function returned false, the original file (which could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.


Errors from the imagecreatefrom* and image* functions were not checked properly. Although PHP issued a warning and the function returned false, the original file (which could contain a malicious payload) was kept on the disk.
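The failure mode above, as an added illustration that is not code from m1k1o/blog: the vulnerable shape writes the upload to its final location first, then lets image processing fail without removing the file, so the raw upload stays on disk even though the function reports failure. The hardened variant validates and re-encodes the image from PHP's temporary upload file before anything is written to the destination directory, and unlinks on every failure path. Both function names (`uploadImageVulnerable`, `storeUploadedImage`) and the directory layout are hypothetical.

```php
<?php
declare(strict_types=1);

// ILLUSTRATIVE vulnerable pattern (not the project's actual code): the file is
// moved into the web-served upload directory before it is validated, and the
// failure branch returns false without deleting it.
function uploadImageVulnerable(array $file, string $destDir): bool
{
    $dest = $destDir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);   // raw upload is now on disk
    $img = @imagecreatefromjpeg($dest);             // false (plus warning) on malformed input
    if ($img === false) {
        return false;                               // BUG: $dest is left behind
    }
    imagejpeg($img, $dest);
    imagedestroy($img);
    return true;
}

// Hardened version (hypothetical helper). Returns the stored path, or null on failure.
function storeUploadedImage(array $file, string $destDir): ?string
{
    $tmp = $file['tmp_name'] ?? '';
    // Only accept a file that PHP itself received via HTTP upload for this request.
    if ($tmp === '' || !is_uploaded_file($tmp)) {
        return null;
    }

    // 1. Determine the type from the bytes, never from the client-supplied name or MIME.
    $info = @getimagesize($tmp);
    if ($info === false) {
        @unlink($tmp);
        return null;
    }
    $loaders = [
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
        IMAGETYPE_GIF  => 'imagecreatefromgif',
    ];
    $loader = $loaders[$info[2]] ?? null;
    if ($loader === null) {
        @unlink($tmp);
        return null;
    }

    // 2. Check the imagecreatefrom* return value explicitly; do not rely on the warning.
    $img = @$loader($tmp);
    if ($img === false) {
        @unlink($tmp);
        return null;
    }

    // 3. Re-encode with GD under a server-chosen name, so the stored bytes are
    //    generated by GD rather than copied from the request, and nothing is
    //    written to $destDir until the image has already been parsed successfully.
    $dest = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.png';
    $ok = imagepng($img, $dest);
    imagedestroy($img);
    @unlink($tmp);                 // the original upload never outlives this call

    if (!$ok) {
        @unlink($dest);            // partial output is removed as well
        return null;
    }
    return $dest;
}

// Usage (assumes an <input type="file" name="image"> form field):
// $path = storeUploadedImage($_FILES['image'] ?? [], __DIR__ . '/uploads');
// if ($path === null) { http_response_code(400); }
```

The ordering is the point: validate on the temporary file, write the destination only from GD's own encoder, and make the temporary file's removal unconditional so that no code path, including the `false` return the advisory describes, can leave the user-supplied bytes in a web-served directory.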

Impact

All versions up to and including v1.3.

Patches

Users should upgrade to v1.4.

Related news

m1k1o's Blog 1.3 Remote Code Execution

m1k1o's Blog versions 1.3 and below suffer from an authenticated remote code execution vulnerability.
