RSS   Podatności dla 'Bludit'   RSS

2022-05-11
 
CVE-2020-19228

CWE-434
 

 
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.

 
2022-05-05
 
CVE-2022-1590

CWE-79
 

 
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.

 
2022-01-06
 
CVE-2021-45744

CWE-79
 

 
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.

 
 
CVE-2021-45745

CWE-79
 

 
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.

 
2021-10-19
 
CVE-2021-35323

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.

 
2021-09-01
 
CVE-2020-20495

NVD-CWE-noinfo
 

 
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.

 
2021-08-20
 
CVE-2020-18879

CWE-434
 

 
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.

 
2021-05-21
 
CVE-2020-23765

CWE-434
 

 
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.

 
2020-10-02
 
CVE-2020-18190

CWE-22
 

 
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.

 
2020-06-24
 
CVE-2020-15026

CWE-22
 

 
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top