Vulnerabilities > Bludit

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2020-20495 Unspecified vulnerability in Bludit 3.13.0
Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter.
network
bludit
5.8
2021-08-20 CVE-2020-18879 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.8.1
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kernel/ajax/upload-logo.php'.
network
low complexity
bludit CWE-434
7.5
2021-07-23 CVE-2021-25808 Code Injection vulnerability in Bludit 3.13.1
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
network
bludit CWE-94
6.8
2021-05-21 CVE-2020-23765 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.12.0
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0.
network
low complexity
bludit CWE-434
6.5
2020-10-02 CVE-2020-18190 Path Traversal vulnerability in Bludit 3.8.1
Bludit v3.8.1 is affected by directory traversal.
network
low complexity
bludit CWE-22
6.4
2020-06-24 CVE-2020-15026 Path Traversal vulnerability in Bludit 3.12.0
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
network
low complexity
bludit CWE-22
4.0
2020-06-24 CVE-2020-15006 Cross-site Scripting vulnerability in Bludit 3.12.0
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
network
bludit CWE-79
3.5
2020-06-06 CVE-2020-13889 Cross-site Scripting vulnerability in Bludit 3.12.0
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
network
bludit CWE-79
3.5
2020-02-07 CVE-2020-8812 Cross-site Scripting vulnerability in Bludit 3.10.0
** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor.
network
bludit CWE-79
3.5
2020-02-07 CVE-2020-8811 Missing Authorization vulnerability in Bludit 3.10.0
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
network
low complexity
bludit CWE-862
4.0