ByteOS Network

moxi624

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-6625

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.9||MEDIUM

EPSS-Not Assigned

Published-20 Apr, 2026 | 09:30

Updated-20 Apr, 2026 | 10:16

moxi624 Mogu Blog v2 Picture Storage Service LocalFileServiceImpl.java LocalFileServiceImpl.uploadPictureByUrl server-side request forgery

A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/java/com/moxi/mogublog/picture/service/impl/LocalFileServiceImpl.java of the component Picture Storage Service. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-moxi624

Product-Mogu Blog v2

CWE ID-CWE-918

Server-Side Request Forgery (SSRF)

CVE-2023-2101

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.49% / 65.68%

7 Day CHG+0.34%

Published-15 Apr, 2023 | 12:31

Updated-02 Aug, 2024 | 06:12

moxi624 Mogu Blog v2 uploadPicsByUrl uploadPictureByUrl absolute path traversal

A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability.

Vendor-mogublog_project moxi624

Product-mogublog Mogu Blog v2

CWE ID-CWE-36

Absolute Path Traversal