Code Execution Vulnerability in PerfreeBlog by Perfree
CVE-2023-40825

7.2HIGH

Key Information:

Vendor: Perfree
Status: Perfreeblog
Vendor: CVE Published:; 28 August 2023

What is CVE-2023-40825?

A vulnerability in PerfreeBlog version 3.1.2 allows remote attackers to execute arbitrary code through specially crafted plugins. The issue arises in the admin section where plugins are managed, making it feasible for malicious actors to gain control over the system. Users are advised to review their plugin access and ensure they are running the latest version of the product to mitigate potential risks.

References

https://github.com/perfree/PerfreeBlog/issues/15

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 28, 2023
Vulnerability Reserved
Aug 22, 2023

CVE-2023-40825 Data

JSON