Vulnerabilities > Batflat

DATE	CVE	VULNERABILITY TITLE	RISK
2022-03-01	CVE-2021-41652	Incorrect Default Permissions vulnerability in Batflat 1.3.6 Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database. network low complexity batflat CWE-276	7.5
2021-03-11	CVE-2021-27679	Cross-site Scripting vulnerability in Batflat 1.3.6 Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. network low complexity batflat CWE-79	5.4
2021-03-11	CVE-2021-27678	Cross-site Scripting vulnerability in Batflat 1.3.6 Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. network low complexity batflat CWE-79	5.4
2021-03-11	CVE-2021-27677	Cross-site Scripting vulnerability in Batflat 1.3.6 Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. network low complexity batflat CWE-79	5.4
2021-02-15	CVE-2020-35734	Code Injection vulnerability in Batflat 1.3.6 Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. network low complexity batflat CWE-94	7.2

Vulnerabilities > Batflat {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Batflat"}]}