Vulnerabilities > Baijiacms Project

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2021-33396 Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 4.1.4
Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.
network
low complexity
baijiacms-project CWE-352
6.5
6.5
2022-12-20 CVE-2022-45942 OS Command Injection vulnerability in Baijiacms Project Baijiacms 4.0/4.1.4/41420170105
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
network
low complexity
baijiacms-project CWE-78
8.8
8.8
2021-10-29 CVE-2020-25873 Path Traversal vulnerability in Baijiacms Project Baijiacms 4
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
network
low complexity
baijiacms-project CWE-22
4.0
4.0
2019-02-07 CVE-2019-7568 SQL Injection vulnerability in Baijiacms Project Baijiacms 4.0
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
network
low complexity
baijiacms-project CWE-89
7.5
7.5
2018-09-08 CVE-2018-16725 Cross-site Scripting vulnerability in Baijiacms Project Baijiacms 4.0
An issue is discovered in baijiacms V4. 		4.3
4.3
2018-09-08 CVE-2018-16724 SQL Injection vulnerability in Baijiacms Project Baijiacms 4.0
An issue is discovered in baijiacms V4.
network
low complexity
baijiacms-project CWE-89
7.5
7.5
2018-04-27 CVE-2018-10503 Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 41420170105
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. 		6.8
6.8
2018-04-20 CVE-2018-10249 Cross-Site Request Forgery (CSRF) vulnerability in Baijiacms Project Baijiacms 3.0
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. 		6.8
6.8
2018-04-19 CVE-2018-10219 Information Exposure vulnerability in Baijiacms Project Baijiacms 3.0
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
network
low complexity
baijiacms-project CWE-200
5.0
5.0