2 vulnerabilities found for a-blog cms (Ver.2.10.x series) by appleple inc.
CVE-2025-31103 (GCVE-0-2025-31103)
Vulnerability from nvd – Published: 2025-03-31 04:54 – Updated: 2025-03-31 12:59
Summary
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
Severity
7.5 (High), CVSS v3.0 base score
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| appleple inc. | a-blog cms (Ver.3.1.x series) | Affected: prior to Ver.3.1.37 | |
| appleple inc. | a-blog cms (Ver.3.0.x series) | Affected: prior to Ver.3.0.41 | |
| appleple inc. | a-blog cms (Ver.2.11.x series) | Affected: prior to Ver.2.11.70 | |
| appleple inc. | a-blog cms (Ver.2.10.x series) | Affected: prior to Ver.2.10.58 | |
| appleple inc. | a-blog cms (Ver.2.9.x series) | Affected: prior to Ver.2.9.46 | |
| appleple inc. | a-blog cms (Ver. 2.8.x series) | Affected: prior to Ver.2.8.80 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:59:04.427491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:59:20.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms (Ver.3.1.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.37"
}
]
},
{
"product": "a-blog cms (Ver.3.0.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.41"
}
]
},
{
"product": "a-blog cms (Ver.2.11.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.70"
}
]
},
{
"product": "a-blog cms (Ver.2.10.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.58"
}
]
},
{
"product": "a-blog cms (Ver.2.9.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.9.46"
}
]
},
{
"product": "a-blog cms (Ver. 2.8.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of untrusted data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:54:03.868Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/security-update202503.html"
},
{
"url": "https://developer.a-blogcms.jp/blog/news/entry-4197.html"
},
{
"url": "https://jvn.jp/en/jp/JVN66982699/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31103",
"datePublished": "2025-03-31T04:54:03.868Z",
"dateReserved": "2025-03-26T09:54:15.256Z",
"dateUpdated": "2025-03-31T12:59:20.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31103 (GCVE-0-2025-31103)
Vulnerability from cvelistv5 – Published: 2025-03-31 04:54 – Updated: 2025-03-31 12:59
Summary
Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server.
Severity
7.5 (High), CVSS v3.0 base score
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of untrusted data
Assigner
References
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| appleple inc. | a-blog cms (Ver.3.1.x series) | Affected: prior to Ver.3.1.37 | |
| appleple inc. | a-blog cms (Ver.3.0.x series) | Affected: prior to Ver.3.0.41 | |
| appleple inc. | a-blog cms (Ver.2.11.x series) | Affected: prior to Ver.2.11.70 | |
| appleple inc. | a-blog cms (Ver.2.10.x series) | Affected: prior to Ver.2.10.58 | |
| appleple inc. | a-blog cms (Ver.2.9.x series) | Affected: prior to Ver.2.9.46 | |
| appleple inc. | a-blog cms (Ver. 2.8.x series) | Affected: prior to Ver.2.8.80 | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31103",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T12:59:04.427491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T12:59:20.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "a-blog cms (Ver.3.1.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.1.37"
}
]
},
{
"product": "a-blog cms (Ver.3.0.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.3.0.41"
}
]
},
{
"product": "a-blog cms (Ver.2.11.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.11.70"
}
]
},
{
"product": "a-blog cms (Ver.2.10.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.10.58"
}
]
},
{
"product": "a-blog cms (Ver.2.9.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.9.46"
}
]
},
{
"product": "a-blog cms (Ver. 2.8.x series)",
"vendor": "appleple inc.",
"versions": [
{
"status": "affected",
"version": "prior to Ver.2.8.80"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of untrusted data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T04:54:03.868Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://developer.a-blogcms.jp/blog/news/security-update202503.html"
},
{
"url": "https://developer.a-blogcms.jp/blog/news/entry-4197.html"
},
{
"url": "https://jvn.jp/en/jp/JVN66982699/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-31103",
"datePublished": "2025-03-31T04:54:03.868Z",
"dateReserved": "2025-03-26T09:54:15.256Z",
"dateUpdated": "2025-03-31T12:59:20.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}