Vulnerabilities > Bludit

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-01	CVE-2020-20495	Unspecified vulnerability in Bludit 3.13.0 bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. network bludit	5.8
2021-08-20	CVE-2020-18879	Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.8.1 Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. network low complexity bludit CWE-434	7.5
2021-07-23	CVE-2021-25808	Code Injection vulnerability in Bludit 3.13.1 A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. network bludit CWE-94	6.8
2021-05-21	CVE-2020-23765	Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.12.0 A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. network low complexity bludit CWE-434	6.5
2020-10-02	CVE-2020-18190	Path Traversal vulnerability in Bludit 3.8.1 Bludit v3.8.1 is affected by directory traversal. network low complexity bludit CWE-22	6.4
2020-06-24	CVE-2020-15026	Path Traversal vulnerability in Bludit 3.12.0 Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php. network low complexity bludit CWE-22	4.0
2020-06-24	CVE-2020-15006	Cross-site Scripting vulnerability in Bludit 3.12.0 Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. network bludit CWE-79	3.5
2020-06-06	CVE-2020-13889	Cross-site Scripting vulnerability in Bludit 3.12.0 showAlert() in the administration panel in Bludit 3.12.0 allows XSS. network bludit CWE-79	3.5
2020-02-07	CVE-2020-8812	Cross-site Scripting vulnerability in Bludit 3.10.0 DISPUTED Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. network bludit CWE-79	3.5
2020-02-07	CVE-2020-8811	Missing Authorization vulnerability in Bludit 3.10.0 ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures. network low complexity bludit CWE-862	4.0

Vulnerabilities > Bludit {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bludit"}]}

Vulnerabilities > Bludit