Vulnerabilities > Bludit > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2020-20495 Unspecified vulnerability in Bludit 3.13.0
bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter.
network
low complexity
bludit
critical
 9.1
9.1
2021-08-20 CVE-2020-18879 Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.8.1
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
network
low complexity
bludit CWE-434
critical
 9.8
9.8
2020-10-02 CVE-2020-18190 Path Traversal vulnerability in Bludit 3.8.1
Bludit v3.8.1 is affected by directory traversal.
network
low complexity
bludit CWE-22
critical
 9.1
9.1
2019-10-06 CVE-2019-17240 Improper Restriction of Excessive Authentication Attempts vulnerability in Bludit 3.9.2
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
network
low complexity
bludit CWE-307
critical
 9.8
9.8