A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/zhangyd-c/OneBlog/issues/36 | Exploit Issue Tracking |
https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.301471 | Permissions Required VDB Entry |
https://vuldb.com/?id.301471 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.521815 | Third Party Advisory VDB Entry |
https://github.com/zhangyd-c/OneBlog/issues/36 | Exploit Issue Tracking |
https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 | Exploit Issue Tracking |
Configurations
History
01 Apr 2025, 15:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/zhangyd-c/OneBlog/issues/36 - Exploit, Issue Tracking | |
References | () https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 - Exploit, Issue Tracking | |
References | () https://vuldb.com/?ctiid.301471 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.301471 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.521815 - Third Party Advisory, VDB Entry | |
First Time |
Zhyd
Zhyd oneblog |
|
CPE | cpe:2.3:a:zhyd:oneblog:*:*:*:*:*:*:*:* |
27 Mar 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://github.com/zhangyd-c/OneBlog/issues/36 - | |
References | () https://github.com/zhangyd-c/OneBlog/issues/36#issue-2923097259 - |
27 Mar 2025, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-27 04:15
Updated : 2025-04-01 15:43
NVD link : CVE-2025-2835
Mitre link : CVE-2025-2835
CVE.ORG link : CVE-2025-2835
JSON object : View
Products Affected
zhyd
- oneblog
CWE
CWE-918
Server-Side Request Forgery (SSRF)