漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient file checks in m1k1o/blog
Vulnerability Description
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
M1k1o Blog 输入验证错误漏洞
Vulnerability Description
M1k1o Blog是一个简单的自托管、轻量级、单用户 PHP 博客,您可以在其中创建自己的类似 Facebook 的提要。 M1k1o Blog 中存在输入验证错误漏洞,该漏洞源于产品函数 imagecreatefrom* 和 image* 的错误没有被正确检查。
CVSS Information
N/A
Vulnerability Type
N/A