Filtered by vendor Bludit
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20495 | 1 Bludit | 1 Bludit | 2021-09-08 | 5.8 MEDIUM | 9.1 CRITICAL |
| bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. | |||||
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | |||||
| CVE-2019-17240 | 1 Bludit | 1 Bludit | 2020-10-21 | 4.3 MEDIUM | 9.8 CRITICAL |
| bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | |||||
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2020-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | |||||