62 matches found
BageCms v3.1.0 Code Execution Vulnerability at Backend Template Function
Bage Content Management System (BageCms) is a web content management system based on PHP and MySQL. A code execution vulnerability exists in the backend template function of BageCms v3.1.0, allowing attackers to remotely execute commands and gain server privileges...
SQL injection
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter...
CVE-2019-8421
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter...
CVE-2019-8421
CVE-2019-8421 affects BageCMS up to version 3.1.4. The vulnerability is an SQL Injection in the file upload/protected/modules/admini/views/post/index.php triggered via the title or titleAlias parameters. Public references in NVD and CVE records confirm the path and parameter-based injection vecto...
CVE-2018-19560
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account...
Cross-site request forgery (CSRF)
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account...
CVE-2018-19560
CVE-2018-19560 affects BageCMS 3.1.3. The vulnerability is a Cross-Site Request Forgery (CSRF) where an attacker can trigger actions via the endpoint upload/index.php?r=admini/admin/ownerUpdate to modify a user account. Several connected sources (NVD, Red Hat, CVE registries, CNVD) corroborate th...
BageCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-00135)
BageCMS is a cross-platform content management system (CMS) based on PHP and MySQL. A cross-site request forgery vulnerability exists in BageCMS version 3.1.3. A remote attacker can exploit this vulnerability to modify user accounts with the help of the upload/index.php?r=admini/admin/ownerUpdate U...
CVE-2018-19104
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges...
Design/Logic Flaw
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges...
CVE-2018-19104
In BageCMS 3.1.3, the upload/index.php endpoint has a CSRF vulnerability that can be used to upload arbitrary files and gain server privileges. This is confirmed by the NVD entry CVE-2018-19104 and related records (no remediation details provided in the supplied documents). The exploit vector is ...
SQL Injection Vulnerability in BageCms in***.php File
BageCms is a multi-functional open source web content management system developed on PHP5 and MySQL5. The BageCms in.php file has an SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
CVE-2018-18258
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
CVE-2018-18257
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI...