CVE-2022-23626

HIGH

blog_project/blog < 1.4 - Remote Code Execution via Unchecked Image Function Return Values

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-23626. PoCs published by Malte V.

AI-analyzed exploit summary: This exploit targets an authenticated file upload vulnerability in m1k1o's Blog v1.3 and below, allowing RCE via a malicious PHP file disguised as an image. It establishes a reverse shell by leveraging improper file extension validation.

Description

m1k1o/blog is a lightweight self-hosted Facebook-styled PHP blog. Errors from the `imagecreatefrom*` and `image*` functions were not checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (which could contain a malicious payload) was kept on disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Exploits (1)

exploitdb · WORKING POC
by Malte V · python · webapps · php
https://www.exploit-db.com/exploits/50943

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: m1k1o's Blog v1.3 and below
Auth required: yes
Prerequisites: Valid user credentials · Network access to the target · A listening netcat instance for the reverse shell
Analyzed by devstral-2 · Feb 16, 2026

Scores

CVSS v3: 8.5
EPSS: 0.0987
EPSS Percentile: 94.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-252, CWE-20
Status: published
Products (1): blog_project/blog < 1.4
Published: Feb 08, 2022
Tracked Since: Feb 18, 2026