Primary

Context

a-blog cms Improper Log Neutralization Vulnerability Allowing Session Hijacking

Vulnerability

Patched

A vulnerability exists in a-blog cms that improperly neutralizes log data, creating a potential security risk. When combined with another vulnerability, CVE-2025-36560, this issue may allow a remote, unauthenticated attacker to hijack the session of a legitimate user.

Impact

Exploitation of this vulnerability, in conjunction with CVE-2025-36560, could lead to unauthorized session hijacking.

Remediation

Users are advised to update a-blog cms to the latest version. Additionally, the developer has provided a workaround for this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.4

exploitability

6.4

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.4

exploitability

6.4

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

a-blog cms Improper Log Neutralization Vulnerability Allowing Session Hijacking

Vulnerability

Impact

Remediation

Affected Products

appleple a-blog cms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating