CVE-2020-18190

2020-10-0214:15:12

Google

osv.dev

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.

CPENameOperatorVersion
bluditeq2.0-alpha3
bluditeq2.3.3
bluditeq0.6-beta2
bluditeq3.7.0
bluditeq0.1
bluditeq1.4
bluditeq1.5-beta2
bluditeq0.2
bluditeq3.0.0-alpha-1
bluditeq1.0-beta3

Name	Operator	Version
bludit	eq	2.0-alpha3
bludit	eq	2.3.3
bludit	eq	0.6-beta2
bludit	eq	3.7.0
bludit	eq	0.1
bludit	eq	1.4
bludit	eq	1.5-beta2
bludit	eq	0.2
bludit	eq	3.0.0-alpha-1
bludit	eq	1.0-beta3

Rows per page:

1-10 of 791

References

github.com/bludit/bludit/issues/978