moxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal
CVE-2023-2101

6.5MEDIUM

Key Information:

Vendor: moxi624
Status: Mogu Blog v2
Vendor: CVE Published:; 15 April 2023

What is CVE-2023-2101?

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.

Affected Version(s)

Mogu Blog v2 5.0

Mogu Blog v2 5.1

Mogu Blog v2 5.2

References

https://vuldb.com/?id.226109

vdb-entrytechnical-description

https://vuldb.com/?ctiid.226109

signaturepermissions-required

https://github.com/c3p0ooo-Yiqiyin/mogu_blog_v2/blob/main...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2023
Vulnerability Reserved
Apr 15, 2023

Credit

c3p0ooo_Yiqiyin (VulDB User)

CVE-2023-2101 Data

JSON