Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-28101

An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other users via supplying a crafted POST request.

Published

2025-04-17T18:15:49.637

Last Modified

2025-04-23T19:03:51.237

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dogukanurker	flaskblog	2.6.1	Yes

References

https://gist.github.com/coleak2021/cecfc757bc77038717c3e7b40e2d66ce Third Party Advisory ([email protected])
https://github.com/DogukanUrker/flaskBlog/issues/130 Exploit, Issue Tracking ([email protected])