CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24554 – Bludit - Insecure Token Generation
https://notcve.org/view.php?id=CVE-2024-24554
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API. Bludit utiliza métodos predecibles en combinación con el algoritmo hash MD5 para generar tokens confidenciales, como el token API y el token de usuario. Esto permite a los atacantes autenticarse en la API de Bludit. • https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit • CWE-287: Improper Authentication CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24553 – Bludit uses SHA1 as Password Hashing Algorithm
https://notcve.org/view.php?id=CVE-2024-24553
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure function. Bludit utiliza el algoritmo hash SHA-1 para calcular hashes de contraseñas. Por lo tanto, los atacantes podrían determinar contraseñas de texto sin cifrar con ataques de fuerza bruta debido a la velocidad inherente de SHA-1. • https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit • CWE-916: Use of Password Hash With Insufficient Computational Effort •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20210
https://notcve.org/view.php?id=CVE-2020-20210
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. Bludit versión 3.9.2 es vulnerable a ejecución de código remoto (RCE) a través de "/admin/ajax/upload-images". • https://github.com/bludit/bludit/issues/1079 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19228
https://notcve.org/view.php?id=CVE-2020-19228
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. Se ha encontrado un problema en bludit versión v3.13.0, una implementación no segura del plugin de copia de seguridad permite a atacantes cargar archivos arbitrarios • http://bludit.com https://github.com/bludit/bludit/issues/1242 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1590 – Bludit New Content Module new-content cross site scripting
https://notcve.org/view.php?id=CVE-2022-1590
A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. • https://github.com/joinia/webray.com.cn/blob/main/Bludit/Bluditreadme.md https://vuldb.com/?id.199060 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •