Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Bludit
(Bludit)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 29 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-09-08 | CVE-2019-16113 | Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | Bludit | 8.8 | ||
| 2022-01-06 | CVE-2021-45744 | A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel. | Bludit | 5.4 | ||
| 2022-01-06 | CVE-2021-45745 | A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel. | Bludit | 5.4 | ||
| 2021-10-19 | CVE-2021-35323 | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | Bludit | 6.1 | ||
| 2021-09-01 | CVE-2020-20495 | bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. | Bludit | 9.1 | ||
| 2021-08-20 | CVE-2020-18879 | Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | Bludit | 9.8 | ||
| 2021-07-23 | CVE-2021-25808 | A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | Bludit | 7.8 | ||
| 2019-06-03 | CVE-2019-12548 | Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | Bludit | 8.8 | ||
| 2021-05-21 | CVE-2020-23765 | A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | Bludit | 7.2 | ||
| 2019-10-06 | CVE-2019-17240 | bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. | Bludit | 9.8 |