Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
beescms beescms 4.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-10266
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
Beescms Beescms 4.0
8.8
CVSSv3
CVE-2019-8347
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
Beescms Beescms 4.0
6.5
CVSSv3
CVE-2020-22334
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows malicious users to delete the administrator account via crafted request to /admin/admin_admin.php.
Beescms Beescms 4.0
8.8
CVSSv3
CVE-2020-23572
BEESCMS v4.0 exists to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows malicious users to execute arbitrary code via a crafted image file.
Beescms Beescms 4.0
8.8
CVSSv3
CVE-2018-12739
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
Beescms Beescms 4.0
1 EDB exploit
NA
CVE-2024-31011
Arbitrary file write vulnerability in beescms v.4.0, allows a remote malicious user to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started