CNNVD-202508-2194 Information
CNNVD ID
CNNVD-202508-2194
Related CVE
- CNNVD Published: 2025-08-19
Description (Chinese)
ThriveX-Blog是LiuYuYang01个人开发者的一个博客管理系统。 ThriveX-Blog 3.1.7及之前版本存在安全漏洞,该漏洞源于文件/web_config/json/name/web中函数updateJsonValueByName存在授权不当问题。
Description (English)
TriveX-Blog is a blog management system for LiuYuyang01 personal developers. There is a security loophole in ThriveX-Blog 3.1.7 and earlier versions, which stems from the inappropriate authorization of the function /web config/json/name/webupdateJsonValueByName.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-08-19
Last Modified
2026-02-24
References
https://github.com/echo0d/vulnerability/blob/main/LiuYuYang01_ThriveX-Blog/IncorrectAuthorization.md#poc https://vuldb.com/?submit.629873 https://vuldb.com/?ctiid.320530 https://vuldb.com/?id.320530 https://access.redhat.com/security/cve/cve-2025-9151 https://nvd.nist.gov/vuln/detail/CVE-2025-9151
Patch
https://github.com/LiuYuYang01/ThriveX-Blog/releases
Share on: