CNNVD-202507-036 Information

CNNVD ID

CNNVD-202507-036

CVE-2025-45872

  • CNNVD Published: 2025-07-01

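Description (translated from Chinese)

ZrLog is a blog system written in Java by the individual developer xiaochun. ZrLog version 3.1.5 contains a security vulnerability that stems from server-side request forgery (SSRF) in the downloadUrl parameter.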

Description (English)

ZrLog is a blog system developed in Java by the individual developer xiaochun. ZrLog version 3.1.5 contains a security vulnerability that stems from a server-side request forgery (SSRF) in the downloadUrl parameter.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Live Support

Published

2025-07-01

Last Modified

2026-02-24

References

https://github.com/dengxmenglihua/cve/blob/main/ZrLog%20Blog%20System%20SSRF%20%2B%20File%20Overwrite%20Leading%20to%20RCE%20Vulnerability.md

https://access.redhat.com/security/cve/cve-2025-45872

Patch

https://gitee.com/94fzb/zrlog/releases/
