CVE-2025-29281

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.
References
Link Resource
https://github.com/Cray0nLee/CVE/issues/2 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:perfree:perfreeblog:4.0.11:*:*:*:*:*:*:*

History

24 Jun 2025, 15:17

Type Values Removed Values Added
References () https://github.com/Cray0nLee/CVE/issues/2 - () https://github.com/Cray0nLee/CVE/issues/2 - Exploit, Third Party Advisory
References () https://github.com/Cray0nLee/CVE/issues/2 - () https://github.com/Cray0nLee/CVE/issues/2 - Exploit, Third Party Advisory
CPE cpe:2.3:a:perfree:perfreeblog:4.0.11:*:*:*:*:*:*:*
First Time Perfree
Perfree perfreeblog
Summary
  • (es) En la versión 4.0.11 de PerfreeBlog, los usuarios habituales pueden explotar la vulnerabilidad de carga de archivos arbitrarios en el componente adjunto para cargar archivos arbitrarios y ejecutar código dentro de ellos.
CPE cpe:2.3:a:perfree:perfreeblog:4.0.11:*:*:*:*:*:*:*
First Time Perfree
Perfree perfreeblog

15 Apr 2025, 18:39

Type Values Removed Values Added
CPE cpe:2.3:a:perfree:perfreeblog:4.0.11:*:*:*:*:*:*:*
References () https://github.com/Cray0nLee/CVE/issues/2 - Exploit, Third Party Advisory () https://github.com/Cray0nLee/CVE/issues/2 -

15 Apr 2025, 15:16

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-15 15:16

Updated : 2025-06-24 15:17


NVD link : CVE-2025-29281

Mitre link : CVE-2025-29281

CVE.ORG link : CVE-2025-29281


JSON object : View

Products Affected

perfree

  • perfreeblog
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')