Vulnerabilities > CVE-2022-23626 - Unchecked Return Value vulnerability in Blog Project Blog

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

blog-project

CWE-252

NVD

Published: 2022-02-08

Updated: 2023-07-13

Summary

m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Vulnerable Configurations

Part	Description	Count
Application	Blog_Project Blog Project Blog - Blog Project Blog 1.0 Blog Project Blog 1.01 Blog Project Blog 1.1 Blog Project Blog 1.02 Blog Project Blog 1.2 Blog Project Blog 1.03 Blog Project Blog 1.3	8

Common Weakness Enumeration (CWE)

CWE-252 - Unchecked Return Value

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References