Filtered by vendor Bludit
Subscriptions
Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | ||||
| CVE-2020-20495 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical |
| bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. | ||||
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | ||||
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.8 Critical |
| Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | ||||
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | ||||
| CVE-2020-15026 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.9 Medium |
| Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. | ||||
| CVE-2020-15006 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | ||||
| CVE-2020-13889 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium |
| showAlert() in the administration panel in Bludit 3.12.0 allows XSS. | ||||
| CVE-2019-17240 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.8 Critical |
| bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | ||||
| CVE-2019-16334 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.8 Medium |
| In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | ||||
| CVE-2019-16113 | 1 Bludit | 1 Bludit | 2024-11-21 | 8.8 High |
| Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | ||||
| CVE-2019-12742 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). | ||||
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | ||||
| CVE-2018-16313 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit 2.3.4 allows XSS via a user name. | ||||
| CVE-2018-1000811 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. | ||||