326 matches found
CVE-2022-42092
Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via 'themes' that allows attackers to achieve Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required...
PT-2022-7075 · Unknown · Backdrop Cms
Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.23.0 Description: The issue is related to a stored cross-site scripting (XSS) vulnerability in Backdrop CMS. This vulnerability can be exploited via Post content, allowing a remote attacker to conduct cross-site scripting...
CVE-2022-34530
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...
CVE-2022-34530
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...
CVE-2022-34530
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...
Default credentials
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...
CVE-2022-34530
CVE-2022-34530 affects Backdrop CMS v1.22.0. The issue lies in the login and password reset flow, allowing an attacker to enumerate usernames via password reset requests and receive distinct responses based on the username. The provided documents note a low confidentiality impact but do not speci...
CVE-2022-34530
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames...
PT-2022-22191 · Unknown · Backdrop Cms
Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.22.0 Description: An issue in the login and reset password functionality allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. Recommendations: For...
Backdrop CMS Authorization Issue Vulnerability
Backdrop CMS is an open source content management system (CMS). An authorization issue vulnerability exists in Backdrop CMS v1.22.0, which stems from a problem with the login and reset password functionality that allows an attacker to enumerate usernames via a password reset request and a different...
Backdrop CMS Cross-Site Request Forgery Vulnerability
Backdrop CMS is an open source content management system (CMS). A cross-site request forgery vulnerability exists in Backdrop CMS, which stems from obtaining remote code execution (RCE) on a hosted web server by uploading a malicious add-on with a crafted PHP file. No details of the vulnerability are...
CVE-2021-45268
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cook...
CVE-2021-45268
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cook...
Cross site request forgery (csrf)
DISPUTED: A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a malicious add-on with a crafted PHP file. NOTE: the vendor disputes this because the attack requires a...
CVE-2021-45268
CVE-2021-45268 concerns Backdrop CMS 1.20 with a CSRF vulnerability that can lead to remote code execution on the hosting server by uploading a crafted PHP add-on. The vendor notes the attack requires a high-privileged authenticated user with permission to install add-ons. Multiple sources (NVD, ...
PT-2022-12317 · Unknown · Backdrop Cms
Name of the Vulnerable Software and Affected Versions: Backdrop CMS version 1.20 Description: A Cross Site Request Forgery (CSRF) issue exists, allowing remote attackers to gain Remote Code Execution (RCE) on the hosting web server via uploading a malicious add-on with a crafted PHP file. The attack...
Backdrop CMS 1.20.0 Cross Site Request Forgery / Command Execution
Exploit Title: Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF) Exploit Author: V1n1v131r4 Date: 2021-09-22 Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.20.0/backdrop.zip Version: 1.20.0 Tested On: Kali Linux,...
Backdrop CMS 1.20.0 - Multiple Cross-Site Request Forgery Vulnerability
Exploit Title: Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF) Exploit Author: V1n1v131r4 Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.20.0/backdrop.zip Version: 1.20.0 Tested On: Kali Linux, Ubuntu 20.04...
Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF)
Exploit Title: Backdrop CMS 1.20.0 - 'Multiple' Cross-Site Request Forgery (CSRF) Exploit Author: V1n1v131r4 Date: 2021-09-22 Vendor Homepage: https://backdropcms.org/ Software Link: https://github.com/backdrop/backdrop/releases/download/1.20.0/backdrop.zip Version: 1.20.0 Tested On: Kali Linux,...
Backdrop CMS Link Following Vulnerability
Backdrop CMS is an open source content management system (CMS). A link following vulnerability exists in Backdrop CMS. The vulnerability stems from the use of the third-party PEAR Archive_Tar library and could allow a remote attacker to execute arbitrary code on the system...