What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files. This issue affects Blogzee: from n/a through <= 1.0.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Blogzee versions up to 1.0.5 do not properly validate file uploads, allowing authenticated users to upload arbitrary files to the site. An attacker with low-level access can upload malicious files—such as PHP scripts—that execute on the server. This vulnerability affects the entire site and can lead to complete compromise.
What an attacker can do
Upload and execute arbitrary files (such as PHP scripts) on the site server.
Potential impact on your site
A compromised user account or plugin can lead to full site takeover, data theft, and malware installation.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.