5 matches found
CVE-2025-52353
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload,...
PT-2025-34810 · Unknown · Badaso Cms
Name of the Vulnerable Software and Affected Versions: Badaso CMS version 2.9.11 Description: The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the...
Badaso 跨站脚本漏洞
Badaso is an open source Laravel Vue headless CMS from Uasoft Open Source. A cross-site scripting vulnerability exists in Badaso versions v.0.0.1 through v.2.9.7, which stems from a vulnerability that allows remote attackers to execute arbitrary code via a crafted payload on the Name of membe...
Badaso 跨站脚本漏洞
Badaso is an open source Laravel Vue headless CMS from Uasoft. A security vulnerability exists in Badaso versions v.0.0.1 through v.2.9.7, which stems from a vulnerability that allows remote attackers to execute arbitrary code via a crafted payload on the rack number parameter in the add new rack...
uatech Badaso Remote Command Execution Vulnerability
Badaso is an open source Laravel Vue headless CMS. A remote command execution vulnerability exists in uatech Badaso version 2.6.3, which stems from a failure to properly validate user uploaded data and can be exploited by an unauthenticated, remote attacker to remotely execute arbitrary code on t...