14 matches found
CVE-2020-20210
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...
PT-2023-11548 · Bludit · Bludit
Name of the Vulnerable Software and Affected Versions: Bludit version 3.9.2. Description: The issue allows for Remote Code Execution (RCE) via the "/admin/ajax/upload-images" API endpoint. This means an attacker could potentially execute malicious code on the server. Recommendations: For Bludit...
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass
#!/usr/bin/env ruby. Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass. Author: noraj (Alexandre ZANNI). Author website: https://pwn.by/noraj/. Date: 2020-08-16. Vendor Homepage: https://www.bludit.com/. Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz. Version: = 3.9.2...
Bludit Brute Force Protection Mechanism Bypass Vulnerability
Bludit is a simple, fast and secure flat file CMS. A brute force protection mechanism bypass vulnerability exists in bl-kernel/security.class.php in Bludit 3.9.2, which can be exploited by an attacker to bypass the brute force protection mechanism via a variety of forged X-Forwarded-For or...
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers...
Design/Logic Flaw
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers...
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Recent assessments: noraj at May 08, 2021 7:26pm UTC reported: This is just a security bypass allowing an attacker t...
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname...
Remote code execution
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname...
CVE-2019-16113
CVE-2019-16113 is a Bludit CMS vulnerability that allows remote code execution via an image upload function. In Bludit 3.9.2 and affected builds, the bl-kernel/ajax/upload-images.php flow can treat a crafted image filename (e.g., .jpg or .png) as PHP code, enabling the attacker to write PHP paylo...