CNNVD-202510-4206 Information

CNNVD ID

CNNVD-202510-4206

CVE-2025-60319

  • CNNVD Published: 2025-10-30

Description (Chinese)

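PerfreeBlog is an open-source, Java-based blog/CMS site-building platform from PerfreeBlog. PerfreeBlog version 4.0.11 contains a security vulnerability that stems from a missing authorization check on the uploadAttachByUrl API endpoint, which may lead to server-side request forgery.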

Description (English)

PerfreeBlog is an open-source blog/CMS platform developed in Java by PerfreeBlog. PerfreeBlog version 4.0.11 has a security vulnerability caused by the lack of an authorization check on the uploadAttachByUrl API endpoint, which may lead to server-side request forgery (SSRF).

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

PerfreeBlog

Published

2025-10-30

Last Modified

2026-02-24

References

  • https://github.com/PerfreeBlog/PerfreeBlog/commit/103c79165e3a41a1729188fdc8a1e90c97c0a06d
  • https://github.com/PerfreeBlog/PerfreeBlog/issues/20
  • https://access.redhat.com/security/cve/cve-2025-60319
