CNNVD-202512-3161 Information

CNNVD ID

CNNVD-202512-3161

Related CVE

CVE-2023-53907

• CNNVD Published: 2025-12-17

Description (Chinese)

Bludit是Bludit开源的一套开源的轻量级博客内容管理系统（CMS）。 Bludit 3.13.1之前版本存在路径遍历漏洞，该漏洞源于Backup Plugin文件路径参数操作不当，可能导致任意文件下载。

Description (English)

Bluedit is an open-source, lightweight blog content management system (CMS) for Bluedit. The previous version of Bludit 3.13.1 had a loophole in the path, which stemmed from the inappropriate operation of the path parameters of the Backup Plugin file, which could lead to any download.

Hazard Level

High

Vulnerability Type

路径遍历

Affected Vendor

Bludit

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.bludit.com https://www.vulncheck.com/advisories/bludit-authenticated-arbitrary-file-download-via-backup-plugin https://www.exploit-db.com/exploits/51541 https://access.redhat.com/security/cve/cve-2023-53907

Patch

https://www.bludit.com/