A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.
References
Link | Resource |
---|---|
https://gitee.com/zhenfeng13/My-Blog/issues/I6PV4U | Exploit Issue Tracking |
https://vuldb.com/?ctiid.225264 | Permissions Required |
https://vuldb.com/?id.225264 | Third Party Advisory |
Configurations
History
13 Apr 2023, 17:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://gitee.com/zhenfeng13/My-Blog/issues/I6PV4U - Exploit, Issue Tracking | |
References | (MISC) https://vuldb.com/?ctiid.225264 - Permissions Required | |
References | (MISC) https://vuldb.com/?id.225264 - Third Party Advisory | |
CPE | cpe:2.3:a:my-blog_project:my-blog:-:*:*:*:*:*:*:* | |
First Time |
My-blog Project my-blog
My-blog Project |
07 Apr 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-07 09:15
Updated : 2024-04-11 01:18
NVD link : CVE-2023-1937
Mitre link : CVE-2023-1937
CVE.ORG link : CVE-2023-1937
JSON object : View
Products Affected
my-blog_project
- my-blog
CWE
CWE-352
Cross-Site Request Forgery (CSRF)