Shiyi Blog

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-5512 HIGH POC This Week

A security vulnerability in quequnlong shiyi-blog (CVSS 7.3). Risk factors: public PoC available.

Authentication Bypass PHP Shiyi Blog
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-5511 MEDIUM POC This Month

A security vulnerability in quequnlong shiyi-blog (CVSS 5.3). Risk factors: public PoC available.

Information Disclosure Shiyi Blog
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-5510 MEDIUM POC This Month

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF Shiyi Blog
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-5509 MEDIUM POC This Month

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal Shiyi Blog
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-5512
EPSS 0% CVSS 7.3
HIGH POC This Week

A security vulnerability in quequnlong shiyi-blog (CVSS 7.3). Risk factors: public PoC available.

Authentication Bypass PHP Shiyi Blog
NVD GitHub VulDB
CVE-2025-5511
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security vulnerability in quequnlong shiyi-blog (CVSS 5.3). Risk factors: public PoC available.

Information Disclosure Shiyi Blog
NVD GitHub VulDB
CVE-2025-5510
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF Shiyi Blog
NVD GitHub VulDB
CVE-2025-5509
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument file/source leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal Shiyi Blog
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy