关键信息 漏洞ID: JVN#66982699 漏洞类型: Untrusted Data Deserialization (CWE-502) 受影响产品: - a-blog cms versions prior to Ver.3.1.37 (Ver.3.1.x series) - a-blog cms versions prior to Ver.3.0.41 (Ver.3.0.x series) - a-blog cms versions prior to Ver.2.11.70 (Ver.2.11.x series) - a-blog cms versions prior to Ver.2.10.58 (Ver.2.10.x series) - a-blog cms versions prior to Ver.2.9.46 (Ver.2.9.x series) - a-blog cms versions prior to Ver.2.8.80 (Ver.2.8.x series) - a-blog cms Ver.2.7 and earlier versions (unsupported) 影响: - Processing a specially crafted request may store arbitrary files on the server. - This can be leveraged to execute an arbitrary script on the server. 解决方案: - 更新软件: Update to the latest version. - 应用变通方法: Apply the workaround until the software is updated. CVSS v3 Base Score: 7.5 CVE ID: CVE-2025-31103 JVN iPedal ID: JVNDDB-2025-000024 发布日期: 2025/03/28 最后更新日期: 2025/03/28