CVE-2022-34012

MEDIUM

OneBlog v2.3.4 - Privilege Escalation

Title source: llm

Description

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges.

Exploits (1)

gitee 5,303 stars

by yadong.zhang · javawriteup

https://gitee.com/yadong.zhang/DBlog/issues/I5CB2O

View on gitee

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://gitee.com/yadong.zhang/DBlog/issues/I5CB2O

Scores

CVSS v3 6.5

EPSS 0.0011

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-732

Status published

Products (1)

zhyd/oneblog 2.3.4

Published Jun 23, 2022

Tracked Since Feb 18, 2026