Aggregates CVE and security vulnerability intelligence across all blog_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk input validation and related problems; some flaws may lead to vendor impact unexpected behavior and vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-23626 | m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | [email protected] | 8.5 | 4.27% | 2022-02-08 | 2024-11-21 |
| CVE-2017-14346 | upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file. | [email protected] | 9.8 | 0.90% | 2017-09-12 | 2026-05-13 |
| CVE-2017-14345 | SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php. | [email protected] | 9.8 | 0.25% | 2017-09-12 | 2026-05-13 |