Vulnerabilities > Bagesoft > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2019-02-17 | CVE-2019-8421 | SQL Injection vulnerability in Bagesoft Bagecms 3.1.0/3.1.3/3.1.4. upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. | network, low complexity, bagesoft CWE-89, 7.2 |
| 2018-11-26 | CVE-2018-19560 | Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3. BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. | network, low complexity, bagesoft CWE-352, 8.8 |
| 2018-11-08 | CVE-2018-19104 | Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3. In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. | network, low complexity, bagesoft CWE-352, 8.8 |
| 2018-10-11 | CVE-2018-18257 | Path Traversal vulnerability in Bagesoft Bagecms 3.1.3. An issue was discovered in BageCMS 3.1.3. | network, low complexity, bagesoft CWE-22, 7.5 |
| 2018-07-24 | CVE-2018-14582 | Cross-Site Request Forgery (CSRF) vulnerability in Bagesoft Bagecms 3.1.3. index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. | network, low complexity, bagesoft CWE-352, 8.8 |