Skip to main content

Perfreeblog CVE-2023-27757

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2023-03-15 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 15, 2023 - 03:15 nvd
CRITICAL 9.8

DescriptionNVD

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.

AnalysisAI

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. Affected products include: Perfree Perfreeblog.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-30333 CRITICAL POC
9.8 May 18

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attacke

CVE-2025-29281 HIGH POC
8.8 Apr 15

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component

CVE-2025-60730 HIGH POC
7.6 Oct 24

Arbitrary file deletion in PerfreeBlog 4.0.11 lets attackers remove files outside the intended theme directory by abusin

CVE-2023-40825 HIGH POC
7.2 Aug 28

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in

CVE-2023-29643 MEDIUM POC
5.4 May 01

Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post fu

CVE-2025-60729 MEDIUM POC
5.3 Oct 24

Arbitrary file read in PerfreeBlog v4.0.11 allows unauthenticated remote attackers to read files outside the intended we

CVE-2025-29280 MEDIUM POC
4.8 Apr 15

Stored cross-site scripting vulnerability exists in PerfreeBlog v4.0.11 in the website name field of the backend system

CVE-2025-60735 HIGH
7.6 Oct 24

Arbitrary file upload in PerfreeBlog 4.0.11 lets an authenticated user abuse the installPlugin function to upload malici

CVE-2025-60731 HIGH
7.6 Oct 24

Arbitrary file upload in PerfreeBlog v4.0.11 lets an authenticated attacker abuse the installTheme function to upload ma

CVE-2025-29421 HIGH POC
7.5 Aug 25

PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. Rated high severity (C

CVE-2025-29420 HIGH POC
7.5 Aug 25

PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. Rated high severity (CV

CVE-2025-5164 MEDIUM POC
6.3 May 26

A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. Rated medium severity (CVSS 6.3), th

Share

CVE-2023-27757 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy