CVSS: 8.8EPSS: 91%CPEs: 1EXPL: 15CVE-2019-16113 – Bludit 3.9.2 - Directory Traversal
https://notcve.org/view.php?id=CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. Bludit versión 3.9.2 permite la ejecución remota de código mediante bl-kernel/ajax/upload-images.php porque el código PHP se puede acceder con un nombre de archivo .jpg, y luego este código PHP puede escribir otro código PHP en un ../nombre de ruta. Bludit version 3.9.12 suffers from a directory traversal vulnerability. • https://www.exploit-db.com/exploits/48701 https://www.exploit-db.com/exploits/47699 https://www.exploit-db.com/exploits/48568 https://github.com/cybervaca/CVE-2019-16113 https://github.com/ynots0ups/CVE-2019-16113 https://github.com/0xConstant/CVE-2019-16113 https://github.com/hg8/CVE-2019-16113-PoC https://github.com/mind2hex/CVE-2019-16113 https://github.com/dldygnl/CVE-2019-16113 https://github.com/DXY0411/CVE-2019-16113 https://github.com/Kenun99/CVE-2019& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12742
https://notcve.org/view.php?id=CVE-2019-12742
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter). Bludit anterior a 3.9.1 le permite a un usuario sin privilegios cambiar la contraseña de cualquier cuenta, incluido admin. Esto ocurre debido a la Referencia de objeto directo inseguro de bl-kernel / admin / controllers / user-password.php (un parámetro POST de nombre de usuario modificado). • https://github.com/bludit/bludit/commit/a1bb333153fa8ba29a88cfba423d810f509a2b37 https://github.com/bludit/bludit/releases/tag/3.9.1 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-12548
https://notcve.org/view.php?id=CVE-2019-12548
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo. Bludit antes de 3.9.0 permite la ejecución remota de código para un usuario identificado cargando un archivo php mientras cambia el logotipo a través de / admin / ajax / upload-logo. • https://github.com/bludit/bludit/commit/d0843a4070c7d7fa596a7eb2130be15383013487 https://github.com/bludit/bludit/compare/5e5957c...77e85e7 https://github.com/bludit/bludit/releases/tag/3.9.0 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-1000811 – bludit Pages Editor 3.0.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2018-1000811
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code. bludit 3.0.0 contiene una vulnerabilidad de subida de archivos de tipo peligroso sin restricción en la subida de contenidos en el editor de páginas que puede resultar en la ejecución remota de comandos. Este ataque parece ser explotable su un usuario malicioso sube una carga útil manipulada que contiene código PHP. bludit Pages Editor version 3.0.0 suffers from a remote shell upload vulnerability. • https://www.exploit-db.com/exploits/46060 https://github.com/bludit/bludit/issues/812 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16313
https://notcve.org/view.php?id=CVE-2018-16313
Bludit 2.3.4 allows XSS via a user name. Bludit 2.3.4 permite Cross-Site Scripting (XSS) mediante un nombre de usuario. • https://blog.csdn.net/F_carry/article/details/81536424 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •