Sploit.io - Search

CVE-2025-27566

Severity: LOW

Description: Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.

Affected Products:

• appleple inc. a-blog cms - Versions: prior to Ver. 3.1.43 (Ver. 3.1.x series)
• appleple inc. a-blog cms - Versions: prior to Ver. 3.0.47 (Ver. 3.0.x series)

References:

• https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html
• https://jvn.jp/en/vu/JVNVU90760614/

CVE-2025-32999

Severity: MEDIUM

Description: Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Affected Products:

• appleple inc. a-blog cms - Versions: prior to Ver. 3.1.43 (Ver. 3.1.x series)
• appleple inc. a-blog cms - Versions: prior to Ver. 3.0.47 (Ver. 3.0.x series)

References:

• https://developer.a-blogcms.jp/blog/news/JVNVU-90760614.html
• https://jvn.jp/en/vu/JVNVU90760614/