Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Thu, 02 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. | In Blog.Core through bcb4d17, the getinfobytoken API interface contains improper access control that leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. NOTE: Blog.Admin is related front-end code that does not offer an API service. |
| Weaknesses | CWE-863 | |
| References |
| |
| Metrics |
cvssV3_1
|
cvssV3_1
|
Fri, 03 Apr 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Access Control in BlogAdmin GetInfoByToken API Exposes Administrator Credentials |
Thu, 02 Apr 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:anjoy8:blog.admin:8.0:*:*:*:*:*:*:* |
Mon, 30 Mar 2026 08:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Access Control in BlogAdmin GetInfoByToken API Exposes Administrator Credentials | |
| First Time appeared |
Anjoy8
Anjoy8 blog.admin |
|
| Vendors & Products |
Anjoy8
Anjoy8 blog.admin |
Sun, 29 Mar 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Access Control in Blog.Admin getinfobytoken API Exposes Admin Credentials | |
| Weaknesses | CWE-200 CWE-285 |
Sat, 28 Mar 2026 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-284 | |
| Metrics |
cvssV3_1
|
Fri, 27 Mar 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Improper Access Control in Blog.Admin getinfobytoken API Exposes Admin Credentials | |
| Weaknesses | CWE-200 CWE-285 |
Fri, 27 Mar 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-02T19:53:34.641Z
Reserved: 2026-03-04T00:00:00.000Z
Link: CVE-2026-30689
Updated: 2026-03-27T20:31:54.015Z
Status : Analyzed
Published: 2026-03-27T15:16:53.620
Modified: 2026-06-17T10:32:52.410
Link: CVE-2026-30689
No data.
OpenCVE Enrichment
Updated: 2026-04-03T09:38:43Z