VYPR

Mogublog

by Mogublog Project

CVEs (4)

  • CVE-2025-13814HigDec 1, 2025
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit…

  • CVE-2025-13816MedDec 1, 2025
    risk 0.41cvss 6.3epss 0.01

    A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The…

  • CVE-2025-13815MedDec 1, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made…

  • CVE-2025-13813MedDec 1, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's…