CVE-2022-23626
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23626
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23626.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23626
- Aliases
-
- GHSA-wmqj-5v54-24x4
- Published
- 2022-02-08T22:00:12Z
- Modified
- 2025-11-28T03:31:59.769634Z
- Severity
-
- 8.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Insufficient file checks in m1k1o/blog
- Details
-
m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions
imagecreatefrom*andimage*have not been checked properly. Although PHP issued warnings and the upload function returnedfalse, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. - Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23626.json", "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20" ] }- References
-
- http://packetstormsecurity.com/files/167235/m1k1os-Blog-1.3-Remote-Code-Execution.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23626.json
- https://github.com/m1k1o/blog/commit/6f5e59f1401c4a3cf2e518aa85b231ea14e8a2ef
- https://github.com/m1k1o/blog/security/advisories/GHSA-wmqj-5v54-24x4
- https://nvd.nist.gov/vuln/detail/CVE-2022-23626