
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API. • https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit • CWE-287: Improper Authentication • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jun 2024 — Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt computed by Bludit is generated with a non-cryptographically secure function. • https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Jun 2023 — Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. • https://github.com/bludit/bludit/issues/1079 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 May 2022 — An issue was found in Bludit v3.13.0: an unsafe implementation of the backup plugin allows attackers to upload arbitrary files. • http://bludit.com • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 May 2022 — A vulnerability was found in Bludit 3.13.1 and has been declared as problematic. It affects the endpoint /admin/new-content of the New Content module. Manipulation of the argument content with the input <script>alert(1)</script> leads to cross-site scripting. The attack can be initiated remotely but requires authentication. • https://github.com/joinia/webray.com.cn/blob/main/Bludit/Bluditreadme.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jan 2022 — A stored cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About plugin in the login panel. • https://github.com/plsanu/CVE-2021-45745 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Jan 2022 — A stored cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the TAGS section in the login panel. • https://github.com/plsanu/CVE-2021-45744 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 4% • CPEs: 1 • EXPL: 3

19 Oct 2021 — A cross-site scripting (XSS) vulnerability exists in Bludit 3.13.1 via the username in admin/login. Bludit version 3.13.1 suffers from a cross-site scripting vulnerability. • https://www.exploit-db.com/exploits/50529 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

31 Aug 2021 — Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup` parameter. • https://github.com/bludit/bludit/issues/1246

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

20 Aug 2021 — Unrestricted file upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kernel/ajax/upload-logo.php'. • https://github.com/bludit/bludit/issues/1011 • CWE-434: Unrestricted Upload of File with Dangerous Type