PerfreeBlog Arbitrary File Upload Vulnerability in Version 4.0.11

Vulnerability

An arbitrary file upload vulnerability has been identified in the attach component of PerfreeBlog version 4.0.11. This vulnerability allows regular users to upload arbitrary files and execute code contained within those files.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which can be used to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, log in as a regular user and send a POST request to the '/api/auth/attach/uploadAttachByUrl' endpoint. Include a URL pointing to a file, such as a crafted SVG file containing JavaScript, in the request body. Once the file is uploaded, access it through the provided URL to trigger the code execution.
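The defensive counterpart to the flaw described above is to vet what an upload-by-URL endpoint fetches before storing it: the extension must be on an allowlist, the body must match that type's magic bytes, and SVG (the vector named here) is rejected when it carries active content and otherwise served as a download rather than rendered inline. The following is an added example written for this page, not PerfreeBlog's code; the function name, the allowlist and the sample inputs are constructed.

```python
import re
from typing import NamedTuple
from urllib.parse import urlparse

# Magic bytes for the raster formats a blog attachment store legitimately needs (constructed allowlist).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
# Markup that lets an SVG run script when rendered inline in the site's origin.
ACTIVE_SVG = re.compile(
    rb"<\s*script\b|\son[a-z]+\s*=|<\s*foreignObject\b|javascript:|<\s*iframe\b|<\s*embed\b",
    re.I,
)

class Decision(NamedTuple):
    accept: bool
    reason: str
    headers: dict  # response headers the stored file must later be served with

def vet_remote_attachment(url: str, body: bytes, max_bytes: int = 5_000_000) -> Decision:
    """Decide whether a file fetched for an upload-by-URL request may be stored (hypothetical helper)."""
    if len(body) > max_bytes:
        return Decision(False, "too large", {})
    path = urlparse(url).path            # query string and fragment cannot influence the type decision
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    base = {"X-Content-Type-Options": "nosniff"}
    if ext in MAGIC:
        if not body.startswith(MAGIC[ext]):
            return Decision(False, f"content is not a {ext} image", {})
        return Decision(True, "raster image", base)
    if ext == "svg":
        head = body.lstrip()[:512].lower()
        if not (head.startswith(b"<svg") or head.startswith(b"<?xml")):
            return Decision(False, "content is not SVG", {})
        if ACTIVE_SVG.search(body):
            return Decision(False, "SVG contains active content", {})
        # Even a passive SVG is served as a download so it never renders in the blog's origin.
        return Decision(True, "passive svg", {**base, "Content-Disposition": "attachment"})
    return Decision(False, f"extension {ext!r} not allowed", {})
```

The same check belongs on the classic multipart upload path, since only validating one entry point leaves the other open.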

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          1.0
impact          7.5
exploitability  6.8
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.