CVE-2023-2101 MEDIUM

CVE-2023-2101: moxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal

Vendor Moxi624
Product Mogu Blog v2
Weakness CWE-36
Published April 15, 2023
Last update August 2, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.

Key dates

02Disclosure timeline

April 15, 2023 CVE published
August 2, 2024 Record updated