CVE-2023-2101

Summary

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
moxi624Mogu Blog v25.0affected
moxi624Mogu Blog v25.1affected
moxi624Mogu Blog v25.2affected

Weaknesses

  • CWE-36: CWE-36 Absolute Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References