Mogublog Project Mogublog vulnerabilities
6 known vulnerabilities affecting mogublog_project/mogublog.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-13816P2HIGHCVSS 8.8≤ 5.22025-12-01
CVE-2025-13816 [HIGH] CWE-22 CVE-2025-13816: A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted elemen
A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be launched remotely. The exploit has been disclosed publicly an
nvd
CVE-2025-13815P2CRITICALCVSS 9.8≤ 5.22025-12-01
CVE-2025-13815 [CRITICAL] CWE-284 CVE-2025-13815: A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unkn
A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted
nvd
CVE-2025-13814P3CRITICALCVSS 9.8≤ 5.22025-12-01
CVE-2025-13814 [CRITICAL] CWE-918 CVE-2025-13814: A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function L
A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was
nvd
CVE-2025-13813P3HIGHCVSS 8.1≤ 5.22025-12-01
CVE-2025-13813 [HIGH] CWE-862 CVE-2025-13813: A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is assessed as difficult.
nvd
CVE-2023-2101P3MEDIUMCVSS 6.5≤ 5.22023-04-15
CVE-2023-2101 [MEDIUM] CWE-36 CVE-2023-2101: A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the
nvd
CVE-2022-30517P4MEDIUMCVSS 6.1v5.22022-07-12
CVE-2022-30517 [MEDIUM] CWE-79 CVE-2022-30517: Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).
Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).
nvd