CVE-2022-40035
https://notcve.org/view.php?id=CVE-2022-40035
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. Vulnerabilidad de carga de archivos encontrada en Rawchen Blog-ssm v1.0 que permite a los atacantes ejecutar comandos arbitrarios y obtener privilegios aumentados a través del componente /uploadFileList. • https://github.com/rawchen/blog-ssm/issues/3 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-40036
https://notcve.org/view.php?id=CVE-2022-40036
An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. • https://github.com/rawchen/blog-ssm/issues/5 •