Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
baijiacms project baijiacms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-33396
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows malicious users to change the password or other information of an arbitrary account via index.php.
Baijiacms Project Baijiacms 4.1.4
8.8
CVSSv3
CVE-2022-45942
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
Baijiacms Project Baijiacms
8.8
CVSSv3
CVE-2022-38931
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote malicious users to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.
Baijiacms Project Baijiacms 4.1.4
9.8
CVSSv3
CVE-2022-35150
Baijicms v4 exists to contain an arbitrary file upload vulnerability.
Baijiacms Project Baijiacms 4 1 4 20170105
6.5
CVSSv3
CVE-2020-25873
A directory traversal vulnerability in the component system/manager/class/web/database.php exists in Baijiacms V4 which allows malicious users to arbitrarily delete folders on the server via the "id" parameter.
Baijiacms Project Baijiacms 4
9.8
CVSSv3
CVE-2019-7568
An issue exists in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
Baijiacms Project Baijiacms 4.0
9.8
CVSSv3
CVE-2018-16724
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
Baijiacms Project Baijiacms 4.0
6.1
CVSSv3
CVE-2018-16725
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
Baijiacms Project Baijiacms 4.0
8.8
CVSSv3
CVE-2018-10503
An issue exists in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
Baijiacms Project Baijiacms 4 1 4 20170105
8.8
CVSSv3
CVE-2018-10249
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
Baijiacms Project Baijiacms 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »