baijiacms vulnerabilities and exploits

7.5
HIGH
CVE-2019-7568

An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request....

7.5
HIGH
CVE-2018-16724

An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request....

4.3
MEDIUM
CVE-2018-16725

An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."...

6.8
MEDIUM
CVE-2018-10503

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser....

6.8
MEDIUM
CVE-2018-10249

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account....

5
MEDIUM
CVE-2018-10219

baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request....