Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bludit bludit vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2020-19228
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows malicious users to upload arbitrary files.
Bludit Bludit 3.13.0
NA
CVE-2023-24675
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows malicious users to execute arbitrary code via the Categories Friendly URL.
Bludit Bludit 3.14.1
NA
CVE-2020-20210
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
Bludit Bludit 3.9.2
4.3
CVSSv2
CVE-2021-35323
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
Bludit Bludit 3.13.1
4.3
CVSSv2
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Bludit Bludit 3.9.2
20 Github repositories
4.3
CVSSv2
CVE-2018-16313
Bludit 2.3.4 allows XSS via a user name.
Bludit Bludit 2.3.4
6.5
CVSSv2
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
Bludit Bludit 3.9.2
1 EDB exploit
12 Github repositories
6.5
CVSSv2
CVE-2020-23765
A file upload vulnerability exists in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
Bludit Bludit 3.12.0
4
CVSSv2
CVE-2020-15026
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
Bludit Bludit 3.12.0
6.4
CVSSv2
CVE-2020-18190
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
Bludit Bludit 3.8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »