Perfree

1 exploit Active since Oct 2025
CVE-2025-60319 WRITEUP MEDIUM WRITEUP
PerfreeBlog 4.0.11 - Server-Side Request Forgery via UploadAttachByUrl API Endpoint
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint (AttachController.java).
CVSS 6.5