Filtered by vendor Bludit Subscriptions
Total 32 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-20210 1 Bludit 1 Bludit 2024-11-27 8.8 High
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVE-2024-25297 1 Bludit 1 Bludit 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.
CVE-2024-24552 1 Bludit 1 Bludit 2024-11-21 N/A
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.
CVE-2024-24550 1 Bludit 1 Bludit 2024-11-21 N/A
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
CVE-2023-34845 1 Bludit 1 Bludit 2024-11-21 5.4 Medium
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVE-2023-31698 1 Bludit 1 Bludit 2024-11-21 5.4 Medium
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
CVE-2023-31572 1 Bludit 1 Bludit 2024-11-21 8.8 High
An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.
CVE-2023-24675 1 Bludit 1 Bludit 2024-11-21 4.8 Medium
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL.
CVE-2023-24674 1 Bludit 1 Bludit 2024-11-21 7.8 High
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
CVE-2022-1590 1 Bludit 1 Bludit 2024-11-21 3.5 Low
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.
CVE-2021-45745 1 Bludit 1 Bludit 2024-11-21 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVE-2021-45744 1 Bludit 1 Bludit 2024-11-21 5.4 Medium
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
CVE-2021-35323 1 Bludit 1 Bludit 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
CVE-2021-25808 1 Bludit 1 Bludit 2024-11-21 7.8 High
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2020-8812 1 Bludit 1 Bludit 2024-11-21 5.4 Medium
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.
CVE-2020-8811 1 Bludit 1 Bludit 2024-11-21 4.3 Medium
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
CVE-2020-23765 1 Bludit 1 Bludit 2024-11-21 7.2 High
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
CVE-2020-20495 1 Bludit 1 Bludit 2024-11-21 9.1 Critical
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.
CVE-2020-19228 1 Bludit 1 Bludit 2024-11-21 7.2 High
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
CVE-2020-18879 1 Bludit 1 Bludit 2024-11-21 9.8 Critical
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.