Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bludit Subscribe
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19228 1 Bludit 1 Bludit 2022-05-18 9.0 HIGH 7.2 HIGH
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
CVE-2022-1590 1 Bludit 1 Bludit 2022-05-13 3.5 LOW 5.4 MEDIUM
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used.
CVE-2019-16113 1 Bludit 1 Bludit 2022-04-26 6.5 MEDIUM 8.8 HIGH
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVE-2021-45745 1 Bludit 1 Bludit 2022-01-07 3.5 LOW 5.4 MEDIUM
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVE-2021-45744 1 Bludit 1 Bludit 2022-01-07 3.5 LOW 5.4 MEDIUM
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
CVE-2021-35323 1 Bludit 1 Bludit 2021-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
CVE-2020-20495 1 Bludit 1 Bludit 2021-09-08 5.8 MEDIUM 9.1 CRITICAL
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.
CVE-2020-18879 1 Bludit 1 Bludit 2021-08-24 7.5 HIGH 9.8 CRITICAL
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
CVE-2021-25808 1 Bludit 1 Bludit 2021-08-02 6.8 MEDIUM 7.8 HIGH
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2019-12548 1 Bludit 1 Bludit 2021-07-21 6.5 MEDIUM 8.8 HIGH
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
CVE-2020-23765 1 Bludit 1 Bludit 2021-05-27 6.5 MEDIUM 7.2 HIGH
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
CVE-2019-17240 1 Bludit 1 Bludit 2020-10-21 4.3 MEDIUM 9.8 CRITICAL
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVE-2020-18190 1 Bludit 1 Bludit 2020-10-09 6.4 MEDIUM 9.1 CRITICAL
Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
CVE-2019-12742 1 Bludit 1 Bludit 2020-08-24 6.5 MEDIUM 8.8 HIGH
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
CVE-2020-15006 1 Bludit 1 Bludit 2020-07-02 3.5 LOW 5.4 MEDIUM
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
CVE-2020-15026 1 Bludit 1 Bludit 2020-06-30 4.0 MEDIUM 4.9 MEDIUM
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
CVE-2020-13889 1 Bludit 1 Bludit 2020-06-09 3.5 LOW 5.4 MEDIUM
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVE-2020-8811 1 Bludit 1 Bludit 2020-02-10 4.0 MEDIUM 4.3 MEDIUM
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
CVE-2020-8812 1 Bludit 1 Bludit 2020-02-10 3.5 LOW 5.4 MEDIUM
** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug."
CVE-2019-16334 1 Bludit 1 Bludit 2019-09-16 3.5 LOW 4.8 MEDIUM
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.