Bludit: Security Vulnerabilities, CVEs, Published in 2021
A cross-site scripting (XSS) vulnerability exists in Bludit 3-13-1 via the username in admin/login.
Max CVSS: 6.1 | EPSS Score: 0.18% | Published: 2021-10-19 | Updated: 2021-11-30
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
Max CVSS: 7.8 | EPSS Score: 0.15% | Published: 2021-07-23 | Updated: 2021-08-02
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights, they will be able to use unsafe plugins to upload a backup file and control the server.
Max CVSS: 7.2 | EPSS Score: 0.09% | Published: 2021-05-21 | Updated: 2021-05-27
Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter.
Max CVSS: 9.1 | EPSS Score: 0.10% | Published: 2021-09-01 | Updated: 2021-09-08
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
Max CVSS: 9.8 | EPSS Score: 0.62% | Published: 2021-08-20 | Updated: 2021-08-24
5 vulnerabilities found