Vulnerabilities > Bludit > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-01 | CVE-2023-24674 | Missing Authorization vulnerability in Bludit 4.0.0. Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. | 7.8 |
2023-06-26 | CVE-2020-20210 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.9.2. Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. | 8.8 |
2023-05-16 | CVE-2023-31572 | Unspecified vulnerability in Bludit 4.0.0. An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | 8.8 |
2022-05-11 | CVE-2020-19228 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.13.0. An issue was found in Bludit v3.13.0: unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | 7.2 |
2021-07-23 | CVE-2021-25808 | Code Injection vulnerability in Bludit 3.13.1. A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file. | 7.8 |
2021-05-21 | CVE-2020-23765 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.12.0. A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. | 7.2 |
2019-09-08 | CVE-2019-16113 | Path Traversal vulnerability in Bludit 3.9.2. Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. | 8.8 |
2019-06-05 | CVE-2019-12742 | Authorization Bypass Through User-Controlled Key vulnerability in Bludit. Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. | 8.8 |
2019-06-03 | CVE-2019-12548 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit. Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a PHP file while changing the logo through /admin/ajax/upload-logo. | 8.8 |
2018-12-20 | CVE-2018-1000811 | Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.0.0. Bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. | 8.8 |