CVE-2022-23626
- Reference to the description:
- Description:
- m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
- Last updated date:
- 07/13/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/07/2022
- Reference URL to background:
- http://packetstormsecurity.com/files/167235/m1k1os-Blog-1.3-Remote-Code-Execution.html