mblog <=3.5.0 Server-Side Template Injectionالمعلومات

عنوان	mtons https://gitee.com/mtons/mblog <=3.5.0 Server-Side Template Injection
الوصف	The /admin/theme/index endpoint in the admin panel supports uploading custom themes. When malicious code is inserted into a custom theme and uploaded/enabled, accessing the corresponding page can execute arbitrary system commands via SSTI.
المصدر	⚠️ https://gitee.com/mtons/mblog/issues/ICPMUS
المستخدم	ZAST.AI (UID 87884)
ارسال	18/08/2025 04:35 AM (8 أشهر منذ)
الاعتدال	29/08/2025 08:05 AM (11 days later)
الحالة	مكرر
إدخال VulDB	258571 [Mblog Blog System 3.5.0 Theme Management تجاوز الصلاحيات]
النقاط	0

Want to know what is going to be exploited?

We predict KEV entries!