CNNVD-202512-128 Information

CNNVD ID

CNNVD-202512-128

Related CVE

CVE-2025-13814

• CNNVD Published: 2025-12-01

Description (Chinese)

Mogu blog（蘑菇博客）是中国Streamlet个人开发者的一个基于微架构的前后端共享博客系统。 Mogu blog v2 5.2及之前版本存在代码问题漏洞，该漏洞源于文件/file/uploadPicsByUrl中函数LocalFileServiceImpl.uploadPictureByUrl存在缺陷，可能导致服务端请求伪造。

Description (English)

Mogublog (Frooms Blog) is a micro-structure-based, back-to-back, blog-sharing system for Chinese Streamlet personal developers. Mogu blog v2 5.2 and previous versions had a code problem loophole, which stemmed from deficiencies in the LocalFileServiceImpl.uploadPictureByUrl function in the file/file/uploadPicsByUrl, which could lead to forgery of service-level requests.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

个人开发者

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/Xzzz111/exps/blob/main/archives/mogu_blog_v2-ssrf-1/report.md#proof-of-concept https://vuldb.com/?id.333823 https://vuldb.com/?submit.692105 https://vuldb.com/?ctiid.333823 https://access.redhat.com/security/cve/cve-2025-13814