Search
Search Results (45 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16113 | 1 Bludit | 1 Bludit | 2024-11-21 | 8.8 High |
| Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | ||||
| CVE-2019-12742 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). | ||||
| CVE-2019-12548 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. | ||||
| CVE-2018-16313 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit 2.3.4 allows XSS via a user name. | ||||
| CVE-2018-1000811 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. | ||||