Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Baijiacms Project Subscribe
Filtered by product Baijiacms
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-33396 1 Baijiacms Project 1 Baijiacms 2023-02-22 N/A 6.5 MEDIUM
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.
CVE-2022-45942 1 Baijiacms Project 1 Baijiacms 2022-12-29 N/A 8.8 HIGH
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
CVE-2022-38931 1 Baijiacms Project 1 Baijiacms 2022-09-21 N/A 8.8 HIGH
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.
CVE-2022-35150 1 Baijiacms Project 1 Baijiacms 2022-08-23 N/A 9.8 CRITICAL
Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.
CVE-2020-25873 1 Baijiacms Project 1 Baijiacms 2021-11-03 4.0 MEDIUM 6.5 MEDIUM
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
CVE-2018-10503 1 Baijiacms Project 1 Baijiacms 2019-12-03 6.8 MEDIUM 8.8 HIGH
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
CVE-2019-7568 1 Baijiacms Project 1 Baijiacms 2019-02-07 7.5 HIGH 9.8 CRITICAL
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
CVE-2018-16725 1 Baijiacms Project 1 Baijiacms 2018-10-26 4.3 MEDIUM 6.1 MEDIUM
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
CVE-2018-16724 1 Baijiacms Project 1 Baijiacms 2018-10-26 7.5 HIGH 9.8 CRITICAL
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
CVE-2018-10219 1 Baijiacms Project 1 Baijiacms 2018-05-22 5.0 MEDIUM 5.3 MEDIUM
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
CVE-2018-10249 1 Baijiacms Project 1 Baijiacms 2018-05-22 6.8 MEDIUM 8.8 HIGH
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.