Vulnerabilities for 'Bludit'

2020-10-02
CVE-2020-18190 (CWE-22)
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.

2020-06-24
CVE-2020-15026 (CWE-22)
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.

CVE-2020-15006 (CWE-79)
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.

2020-06-06
CVE-2020-13889 (CWE-79)
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

2020-02-07
CVE-2020-8812 (CWE-79)
** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."

CVE-2020-8811 (CWE-862)
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.

2019-10-06
CVE-2019-17240 (CWE-307)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.

2019-09-15
CVE-2019-16334 (CWE-79)
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.

2019-09-08
CVE-2019-16113 (CWE-94)
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

2019-06-05
CVE-2019-12742 (CWE-287)
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).

Copyright 2020, cxsecurity.com