bludit vulnerabilities and exploits
6.4
CVSSv2
CVE-2020-18190
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
Bludit Bludit 3.8.1
7.5
CVSSv2
CVE-2020-18879
Unrestricted File Upload in Bludit v3.8.1 allows remote malicious users to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
Bludit Bludit 3.8.1
6.5
CVSSv2
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Bludit Bludit 3.9.2
1 EDB exploit
12 Github repositories
9
CVSSv2
CVE-2020-19228
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows malicious users to upload arbitrary files.
Bludit Bludit 3.13.0
4.3
CVSSv2
CVE-2021-35323
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
Bludit Bludit 3.13.1
3.5
CVSSv2
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
Bludit Bludit 3.9.2
3.5
CVSSv2
CVE-2020-15006
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
Bludit Bludit 3.12.0
5.8
CVSSv2
CVE-2020-20495
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter.
Bludit Bludit 3.13.0
NA
CVE-2023-24674
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local malicious users to escalate privileges via the role:admin parameter.
Bludit Bludit 4.0.0
NA
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows malicious users to execute arbitrary code via the Categories Friendly URL.
Bludit Bludit 3.14.1