CNNVD-202512-119 Information

CNNVD ID

CNNVD-202512-119

Related CVE

CVE-2025-13815

• CNNVD Published: 2025-12-01

Description (Chinese)

Mogu blog（蘑菇博客）是中国Streamlet个人开发者的一个基于微架构的前后端共享博客系统。 Mogu blog v2 5.2及之前版本存在代码问题漏洞，该漏洞源于文件/file/pictures中参数filedatas未受限制，可能导致任意文件上传。

Description (English)

Mogublog (Frooms Blog) is a micro-structure-based, back-to-back, blog-sharing system for Chinese Streamlet personal developers. Mogu blog v2 5.2 and previous versions had a code problem loophole, which stemmed from the fact that the parameters in file/file/pictures were not restricted and could lead to any upload of the document.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-12-01

Last Modified

2026-02-24

References

https://vuldb.com/?id.333824 https://vuldb.com/?submit.692106 https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-unrestricted_upload-1/report.md https://vuldb.com/?ctiid.333824 https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-unrestricted_upload-1/report.md#proof-of-concept https://access.redhat.com/security/cve/cve-2025-13815