Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bludit vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-16313
Bludit 2.3.4 allows XSS via a user name.
Bludit Bludit 2.3.4
NA
CVE-2020-20210
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
Bludit Bludit 3.9.2
4.3
CVSSv2
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows malicious users to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
Bludit Bludit 3.9.2
20 Github repositories
NA
CVE-2024-25297
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote malicious users to execute arbitrary code and obtain sensitive information via edit-content.php.
Bludit Bludit 3.15.0
6.5
CVSSv2
CVE-2020-23765
A file upload vulnerability exists in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
Bludit Bludit 3.12.0
6.5
CVSSv2
CVE-2018-1000811
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP cod...
Bludit Bludit 3.0.0
6.8
CVSSv2
CVE-2021-25808
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows malicious users to execute arbitrary code via a crafted ZIP file.
Bludit Bludit 3.13.1
3.5
CVSSv2
CVE-2022-1590
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site...
Bludit Bludit 3.13.1
3.5
CVSSv2
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.
Bludit Bludit 3.10.0
4
CVSSv2
CVE-2020-8811
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
Bludit Bludit 3.10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3