Zerowdd Myblog vulnerabilities
4 known vulnerabilities affecting zerowdd/myblog.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-13191P2CRITICALCVSS 9.8v1.02025-01-08
CVE-2024-13191 [CRITICAL] CWE-284 CVE-2024-13191: A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to t
nvd
CVE-2024-13189P3CRITICALCVSS 9.8v1.02025-01-08
CVE-2024-13189 [CRITICAL] CWE-266 CVE-2024-13189: A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2024-13190P3MEDIUMCVSS 6.3v1.02025-01-08
CVE-2024-13190 [MEDIUM] CWE-74 CVE-2024-13190: A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects u
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2024-13192P4MEDIUMCVSS 5.4v1.02025-01-08
CVE-2024-13192 [MEDIUM] CWE-79 CVE-2024-13192: A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is t
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used
nvd