Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 14/04/2025 Updated: 15/04/2025

Unrestricted File Upload Vulnerability in My-Blog-layui 1.0 Admin Panel

A critical vulnerability exists in ZHENFENG13/code-projects My-Blog-layui version 1.0. The vulnerability is located in the Upload function within the /admin/upload/authorImg/ file path. By manipulating the File argument, an attacker can perform an unrestricted file upload remotely. This security issue allows unauthorized file uploads without proper restrictions. The vulnerability details have been publicly disclosed, which means potential attackers could leverage this weakness. Despite early notification, the vendor did not provide a response to address the security problem. The vulnerability poses a significant risk to the application's security and could potentially allow unauthorized file uploads and system compromise.

Vulnerable Product	Search on Vulmon	Subscribe to Product
zhenfeng13 my-blog-layui
code-projects my-blog-layui

CWE-284 CWE-434 https://nvd.nist.gov https://www.first.org/epss https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/My-Blog-layui-fileUpload.md https://vuldb.com/?ctiid.304648 https://vuldb.com/?id.304648 https://vuldb.com/?submit.550912

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-3593

Vulnerability Summary

References

Vulmon Search

About

Products

Connect