RSS   Podatności dla 'Baijiacms'   RSS

2022-04-11
 
CVE-2021-34250

CWE-352
 
 
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password.

 
2021-10-29
 
CVE-2020-25873

CWE-22
 
 
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.

 
2019-02-07
 
CVE-2019-7568

CWE-89
 
 
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.

 
2018-09-08
 
CVE-2018-16725

CWE-79
 
 
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."

 
 
CVE-2018-16724

CWE-89
 
 
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.

 
2018-04-27
 
CVE-2018-10503

CWE-352
 
 
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.

 
2018-04-20
 
CVE-2018-10249

CWE-352
 
 
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.

 
2018-04-19
 
CVE-2018-10219

CWE-200
 
 
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.

 

Copyright 2024, cxsecurity.com

 

Back to Top