Submit #636628: mtons https://gitee.com/mtons/mblog <=3.5.0 Server-Side Template Injectioninfo

Titlemtons https://gitee.com/mtons/mblog <=3.5.0 Server-Side Template Injection
DescriptionThe /admin/theme/index endpoint in the admin panel supports uploading custom themes. When malicious code is inserted into a custom theme and uploaded/enabled, accessing the corresponding page can execute arbitrary system commands via SSTI.
Source⚠️ https://gitee.com/mtons/mblog/issues/ICPMUS
User
 ZAST.AI (UID 87884)
Submission08/18/2025 04:35 (8 months ago)
Moderation08/29/2025 08:05 (11 days later)
StatusDuplicate
VulDB entry258571 [Mblog Blog System 3.5.0 Theme Management unrestricted upload]
Points0

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!