Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Bludit Subscribe
Filtered by product Bludit

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19228 1 Bludit 1 Bludit 2022-05-18 9.0 HIGH 7.2 HIGH
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
CVE-2019-16113 1 Bludit 1 Bludit 2022-04-26 6.5 MEDIUM 8.8 HIGH
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVE-2021-25808 1 Bludit 1 Bludit 2021-08-02 6.8 MEDIUM 7.8 HIGH
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2019-12548 1 Bludit 1 Bludit 2021-07-21 6.5 MEDIUM 8.8 HIGH
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
CVE-2020-23765 1 Bludit 1 Bludit 2021-05-27 6.5 MEDIUM 7.2 HIGH
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
CVE-2019-12742 1 Bludit 1 Bludit 2020-08-24 6.5 MEDIUM 8.8 HIGH
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
CVE-2018-1000811 1 Bludit 1 Bludit 2019-01-07 6.5 MEDIUM 8.8 HIGH
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.