CVE-2023-1937

MEDIUM

zhenfeng13 My-Blog - CSRF

Title source: llm

Description

A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.

Exploits (1)

gitee 631 stars
by zhenfeng13 · javawriteup
https://gitee.com/zhenfeng13/My-Blog/issues/I6PV4U

References (3)

Scores

CVSS v3 4.3
EPSS 0.0011
EPSS Percentile 29.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (1)
my-blog_project/my-blog
Published Apr 07, 2023
Tracked Since Feb 18, 2026