Appleple: >> A-Blog Cms >> 2.10.54 Security Vulnerabilities
a-blog cms multiple versions neutralize logs improperly. If this vulnerability is exploited with CVE-2025-36560, a remote unauthenticated attacker may hijack a legitimate user's session.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-19
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-05-19
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-03-31