Filtered by vendor Bludit
Filtered by product Bludit
Total: 42 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2023-24674 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.8 High | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. |
| CVE-2021-45745 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in the login panel. |
| CVE-2021-45744 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the TAGS section in the login panel. |
| CVE-2021-35323 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.1 Medium | Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the username in admin/login. |
| CVE-2021-25808 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.8 High | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. |
| CVE-2020-8812 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug." |
| CVE-2020-8811 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.3 Medium | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. |
| CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High | A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights, they will be able to use unsafe plugins to upload a backup file and control the server. |
| CVE-2020-20495 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical | Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter. |
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High | An issue was found in Bludit v3.13.0: an unsafe implementation of the backup plugin allows attackers to upload arbitrary files. |
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.8 Critical | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kernel/ajax/upload-logo.php'. |
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical | Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. |
| CVE-2020-15026 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.9 Medium | Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. |
| CVE-2020-15006 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium | Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. |
| CVE-2020-13889 | 1 Bludit | 1 Bludit | 2024-11-21 | 5.4 Medium | showAlert() in the administration panel in Bludit 3.12.0 allows XSS. |
| CVE-2019-17240 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.8 Critical | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. |
| CVE-2019-16334 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.8 Medium | In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. |
| CVE-2019-16113 | 1 Bludit | 1 Bludit | 2024-11-21 | 8.8 High | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. |
| CVE-2019-12742 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A | Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of an Insecure Direct Object Reference in bl-kernel/admin/controllers/user-password.php (a modified username POST parameter). |
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A | Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a PHP file while changing the logo through /admin/ajax/upload-logo. |