cbcvebase.

Zerowdd Myblog vulnerabilities

4 known vulnerabilities affecting zerowdd/myblog.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2024-13191P2CRITICALCVSS 9.8v1.02025-01-08
CVE-2024-13191 [CRITICAL] CWE-284 CVE-2024-13191: A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to t
nvd
CVE-2024-13189P3CRITICALCVSS 9.8v1.02025-01-08
CVE-2024-13189 [CRITICAL] CWE-266 CVE-2024-13189: A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2024-13190P3MEDIUMCVSS 6.3v1.02025-01-08
CVE-2024-13190 [MEDIUM] CWE-74 CVE-2024-13190: A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects u A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd
CVE-2024-13192P4MEDIUMCVSS 5.4v1.02025-01-08
CVE-2024-13192 [MEDIUM] CWE-79 CVE-2024-13192: A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is t A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used
nvd
Zerowdd Myblog vulnerabilities | cvebase