Vulnerabilities (CVE)

Filtered by vendor Perfree Subscribe
Filtered by product Perfreeblog
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-40825 1 Perfree 1 Perfreeblog 2023-12-10 N/A 7.2 HIGH
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
CVE-2023-29643 1 Perfree 1 Perfreeblog 2023-12-10 N/A 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.
CVE-2023-30333 1 Perfree 1 Perfreeblog 2023-12-10 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.
CVE-2023-27757 1 Perfree 1 Perfreeblog 2023-12-10 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.