Vulnerabilities > Bludit

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2020-19228 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.13.0
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
network
low complexity
bludit CWE-434
critical
9.0
2022-05-05 CVE-2022-1590 Cross-site Scripting vulnerability in Bludit 3.13.1
A vulnerability was found in Bludit 3.13.1.
network
bludit CWE-79
3.5
2022-01-06 CVE-2021-45744 Cross-site Scripting vulnerability in Bludit
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
network
bludit CWE-79
3.5
2022-01-06 CVE-2021-45745 Cross-site Scripting vulnerability in Bludit
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
network
bludit CWE-79
3.5
2021-10-19 CVE-2021-35323 Cross-site Scripting vulnerability in Bludit 3.13.1
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
network
bludit CWE-79
4.3
2021-09-01 CVE-2020-20495 Unspecified vulnerability in Bludit 3.13.0
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.
network
bludit
5.8
2021-08-20 CVE-2020-18879 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.8.1
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
network
low complexity
bludit CWE-434
7.5
2021-07-23 CVE-2021-25808 Code Injection vulnerability in Bludit 3.13.1
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
network
bludit CWE-94
6.8
2021-05-21 CVE-2020-23765 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.12.0
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0.
network
low complexity
bludit CWE-434
6.5
2020-10-02 CVE-2020-18190 Path Traversal vulnerability in Bludit 3.8.1
Bludit v3.8.1 is affected by directory traversal.
network
low complexity
bludit CWE-22
6.4