62 matches found
CVE-2018-18258
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
CVE-2018-18257
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI...
Design/Logic Flaw
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
Directory traversal
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI...
CVE-2018-18257
CVE-2018-18257 affects BageCMS 3.1.3. The issue is a directory-traversal in the admin template batch deleteFile/deleteFolder endpoints (index.php?r=admini/template/batch&command=deleteFile&fileName=… or &command=deleteFolder&folderName=..…), allowing an attacker to delete arbitrary files and fold...
CVE-2018-18258
CVE-2018-18258 affects BageCMS 3.1.3. The vulnerability allows an attacker to execute arbitrary PHP code on the web server and read any file via the URI index.php?r=admini/template/updateTpl&filename=, indicating a server-side code execution and information disclosure risk. The NVD entry assigns ...
Arbitrary File Read Vulnerability in BageCms v3.1.3
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. BageCms v3.1.3 suffers from an arbitrary file reading vulnerability. The vulnerability arises because the template management function does not strictly filter its parameters; an attacker can use t...
BageCMS Cross-Site Request Forgery Vulnerability
BageCMS is a cross-platform content management system CMS based on PHP and MySQL. A cross-site request forgery vulnerability exists in the index.php?r=admini/admin/create URL in BageCMS version 3.1.3. A remote attacker can exploit the vulnerability to add a backend administrator account...
CVE-2018-14582
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account...
CVE-2018-14582
CVE-2018-14582 affects BageCMS v3.1.3, where a CSRF flaw in index.php?r=admini/admin/create allows a remote attacker to add a background administrator account. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE records) with no explicit patch/version remediation details in t...
Arbitrary File Deletion Vulnerability in BageCms
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. An arbitrary file deletion vulnerability exists in BageCms. The vulnerability stems from the backend: when cached files are deleted after a file upload, the oAttach parameter is controllable, resulti...
Arbitrary File Editing Vulnerability in BageCms v3.1.3
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. An arbitrary file editing vulnerability exists in BageCms v3.1.3. The vulnerability exists because the path of the file to modify and the contents to write to the file are not...
SQL Injection Vulnerability in BageCms Content Management System (CNVD-2017-28290)
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. The BageCms content management system suffers from a SQL injection vulnerability. The vulnerability arises because the system fails to effectively filter the parameters; the attacker can use the...
SQL Injection Vulnerability in BageCms Content Management System
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. The BageCms content management system suffers from a SQL injection vulnerability. The vulnerability arises because the system fails to effectively filter the catalog parameters. An attacker can exploi...
SQL Injection Vulnerability in BageCms
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. BageCms suffers from a SQL injection vulnerability. The lack of filtering of the 'title' parameter allows attackers to exploit the vulnerability to obtain sensitive database information...
BageCMS Management System Database Leakage Vulnerability
BageCms is a multi-functional open source web content management system based on php5+mysql5 development. A database disclosure vulnerability exists in the BageCMS management system, allowing attackers to exploit the vulnerability to obtain sensitive database information...