cvebase

Appleple A-Blog Cms vulnerabilities

26 known vulnerabilities affecting appleple/a-blog_cms.

Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 6, MEDIUM 18

Vulnerabilities

Page 1 of 2
CVE-2025-31103 | P2 | HIGH | CVSS 7.5 | Exploited | ≤ 2.8.80; ≥ 2.9.0, ≤ 2.9.46; +4 more | 2025-03-31
CVE-2025-31103 [HIGH] CWE-502: Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
nvd
CVE-2022-21142 | P2 | CRITICAL | CVSS 9.8 | ≥ 2.8.0, < 2.8.74; ≥ 2.9.0, < 2.9.39; +2 more | 2022-02-24
CVE-2022-21142 [CRITICAL] CWE-290: Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition.
nvd
CVE-2024-23180 | P2 | HIGH | CVSS 8.8 | ≤ 2.9.0; ≥ 2.10.0, < 2.10.50; +3 more | 2024-01-23
CVE-2024-23180 [HIGH] CWE-434: Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a spe
nvd
CVE-2024-23348 | P3 | HIGH | CVSS 8.8 | ≤ 2.9.0; ≥ 2.10.0, < 2.10.50; +3 more | 2024-01-23
CVE-2024-23348 [HIGH]: Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a
nvd
CVE-2025-41429 | P3 | CRITICAL | CVSS 9.8 | ≥ 2.8.0, ≤ 2.8.85; ≥ 2.9.0, ≤ 2.9.52; +4 more | 2025-05-19
CVE-2025-41429 [CRITICAL]: a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.
nvd
CVE-2024-23182 | P3 | HIGH | CVSS 8.1 | ≤ 2.9.0; ≥ 2.10.0, < 2.10.50; +3 more | 2024-01-23
CVE-2024-23182 [HIGH] CWE-22: Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.
nvd
CVE-2025-36560 | P3 | HIGH | CVSS 7.5 | ≥ 2.8.0, ≤ 2.8.85; ≥ 2.9.0, ≤ 2.9.52; +4 more | 2025-05-19
CVE-2025-36560 [HIGH] CWE-918: Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
nvd
CVE-2025-27566 | P3 | HIGH | CVSS 7.2 | ≥ 3.0.0, < 3.0.47; ≥ 3.1.0, < 3.1.43 | 2025-05-19
CVE-2025-27566 [HIGH] CWE-22: Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtai
nvd
CVE-2024-27279 | P3 | MEDIUM | CVSS 6.5 | ≤ 2.10.51; ≥ 2.11.0, ≤ 2.11.59; +2 more | 2024-03-12
CVE-2024-27279 [MEDIUM] CWE-22: Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the
nvd
CVE-2024-31394 | P3 | MEDIUM | CVSS 6.5 | fixed in 2.10.53; ≥ 2.11.0, < 2.11.61; +2 more | 2024-05-22
CVE-2024-31394 [MEDIUM] CWE-22: Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher pri
nvd
CVE-2022-23810 | P3 | MEDIUM | CVSS 6.5 | ≥ 2.8.0, < 2.8.75; ≥ 2.9.0, < 2.9.40; +3 more | 2022-02-24
CVE-2022-23810 [MEDIUM] CWE-94: Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ve
nvd
CVE-2024-31396 | P3 | MEDIUM | CVSS 6.6 | ≥ 3.0.0, < 3.0.32; ≥ 3.1.0, < 3.1.12 | 2024-05-22
CVE-2024-31396 [MEDIUM] CWE-94: Code injection vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12 and Ver.3.0.x series versions prior to Ver.3.0.32. If this vulnerability is exploited, a user with an administrator or higher privilege who can log in to the product may execute an arbitrary command on the server.
nvd
CVE-2016-1178 | P4 | MEDIUM | CVSS 6.5 | ≤ 2.6.0.1 | 2017-04-12
CVE-2016-1178 [MEDIUM] CWE-284: The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.
nvd
CVE-2024-23181 | P4 | MEDIUM | CVSS 6.1 | ≤ 2.9.0; ≥ 2.10.0, < 2.10.50; +3 more | 2024-01-23
CVE-2024-23181 [MEDIUM] CWE-79: Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-
nvd
CVE-2024-31395 | P4 | MEDIUM | CVSS 6.1 | fixed in 2.10.53; ≥ 2.11.0, < 2.11.61; +2 more | 2024-05-22
CVE-2024-31395 [MEDIUM] CWE-79: Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with an editor or higher pr
nvd
CVE-2024-23782 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.10.50; ≥ 2.11.0, < 2.11.58; +2 more | 2024-01-28
CVE-2024-23782 [MEDIUM] CWE-79: Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or high
nvd
CVE-2024-30419 | P4 | MEDIUM | CVSS 5.4 | fixed in 2.10.53; ≥ 2.11.0, < 2.11.61; +2 more | 2024-05-22
CVE-2024-30419 [MEDIUM] CWE-79: Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with a contributor or highe
nvd
CVE-2022-24374 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.8.0, < 2.8.75; ≥ 2.9.0, < 2.9.40; +3 more | 2022-02-24
CVE-2022-24374 [MEDIUM]: Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script
nvd
CVE-2022-23916 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.8.0, < 2.8.75; ≥ 2.9.0, < 2.9.40; +3 more | 2022-02-24
CVE-2022-23916 [MEDIUM] CWE-79: Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary
nvd
CVE-2019-6034 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.8.0, < 2.8.64; ≥ 2.9.0, < 2.9.6; +1 more | 2019-12-26
CVE-2019-6034 [MEDIUM] CWE-74: a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver.2.9.x), and Ver.2.8.64 (Ver.2.8.x) allows arbitrary scripts to be executed in the context of the application due to unspecified vectors.
nvd