CVE-2025-3593 — Improper Access Control in My-blog-layui

CWE-284 — Improper Access Control CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 44.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects My-blog-layui Zhenfeng13 My-blog-layui

Timeline

PublishedApr 14

Latest updateApr 15

Description

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5code-projects/my-blog-layui1.0

▶CVEListV5zhenfeng13/my-blog-layui1.0

▶NVDzhenfeng13/my-blog-layui1.0

🔴Vulnerability Details

GHSA

GHSA-57qp-9rcf-vpfx: A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1↗2025-04-15

▶

CVEList

ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload↗2025-04-14

▶