Description
In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
Published: 2026-03-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 17:00:00 +0000

Type Values Removed Values Added
Title Improper Access Control Exposes Administrator Credentials via Blog.Core API

Mon, 06 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
Title Improper Access Control Exposes Administrator Credentials via Blog.Core API

Mon, 06 Jul 2026 04:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control Exposes Administrator Credentials via Blog.Core API

Sun, 05 Jul 2026 12:00:00 +0000

Type Values Removed Values Added
Title Improper Access Control Exposes Administrator Credentials via Blog.Core API

Sat, 04 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Title Improper Access Control in Blog.Core GetInfoByToken API Exposes Admin Credentials

Fri, 03 Jul 2026 13:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control in Blog.Core GetInfoByToken API Exposes Admin Credentials

Thu, 02 Jul 2026 20:15:00 +0000

Type Values Removed Values Added
Description A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service.
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control in BlogAdmin GetInfoByToken API Exposes Administrator Credentials

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:anjoy8:blog.admin:8.0:*:*:*:*:*:*:*

Mon, 30 Mar 2026 08:15:00 +0000

Type Values Removed Values Added
Title Improper Access Control in BlogAdmin GetInfoByToken API Exposes Administrator Credentials
First Time appeared Anjoy8
Anjoy8 blog.admin
Vendors & Products Anjoy8
Anjoy8 blog.admin

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Title Improper Access Control in Blog.Admin getinfobytoken API Exposes Admin Credentials
Weaknesses CWE-200
CWE-285

Sat, 28 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Title Improper Access Control in Blog.Admin getinfobytoken API Exposes Admin Credentials
Weaknesses CWE-200
CWE-285

Fri, 27 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Description A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security.
References

Subscriptions

Anjoy8 Blog.admin
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-05T01:29:51.969Z

Reserved: 2026-03-04T00:00:00.000Z

Link: CVE-2026-30689

cve-icon Vulnrichment

Updated: 2026-03-27T20:31:54.015Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-27T15:16:53.620

Modified: 2026-06-17T10:32:52.410

Link: CVE-2026-30689

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T04:15:04Z

Weaknesses