OneBlog v2.3.4 exists to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module.
zhyd oneblog 2.3.4