Input validation

2024-01-2310:15:00

PRIOn knowledge base

www.prio-n.com

input validation

vulnerability

a-blog cms

remote execution

svg

nvd

7.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.7%

JSON

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.

CPENameOperatorVersion
a-blog_cmsle2.9.0
a-blog_cmsge2.10.0
a-blog_cmslt2.10.50
a-blog_cmsge2.11.0
a-blog_cmslt2.11.58
a-blog_cmsge3.1.0
a-blog_cmslt3.1.7
a-blog_cmsge3.0.0
a-blog_cmslt3.0.29

Name	Operator	Version
a-blog_cms	le	2.9.0
a-blog_cms	ge	2.10.0
a-blog_cms	lt	2.10.50
a-blog_cms	ge	2.11.0
a-blog_cms	lt	2.11.58
a-blog_cms	ge	3.1.0
a-blog_cms	lt	3.1.7
a-blog_cms	ge	3.0.0
a-blog_cms	lt	3.0.29