
14 matches found

OSV
added 2023/06/26 6:15 p.m. · 16 views

CVE-2020-20210

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...

8.8 CVSS · 7.8 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2023/06/26 12:0 a.m. · 4 views

PT-2023-11548 · Bludit · Bludit

Name of the Vulnerable Software and Affected Versions: Bludit version 3.9.2
Description: The issue allows for Remote Code Execution (RCE) via the "/admin/ajax/upload-images" API endpoint. This means an attacker could potentially execute malicious code on the server.
Recommendations: For Bludit...

8.8 CVSS · 8.9 AI score · 0.01263 EPSS
Exploits: 1 · References: 5
Vulnrichment
added 2023/06/26 12:0 a.m. · 11 views

CVE-2020-20210

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...

7.5 AI score · 0.01263 EPSS
Exploits: 1 · References: 1
Cvelist
added 2023/06/26 12:0 a.m. · 19 views

CVE-2020-20210

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images...

9 AI score · 0.01263 EPSS
Exploits: 1 · References: 1
Exploit DB
added 2020/08/17 12:0 a.m. · 319 views

Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass

!/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: = 3.9.2...

9.8 CVSS · 6.8 AI score · 0.39598 EPSS
Exploits: 9
CNVD
added 2019/10/08 12:0 a.m. · 2 views

Bludit Brute Force Protection Mechanism Bypass Vulnerability

Bludit is a simple, fast and secure flat file CMS. A brute force protection mechanism bypass vulnerability exists in bl-kernel/security.class.php in Bludit 3.9.2, which can be exploited by an attacker to bypass the brute force protection mechanism via a variety of forged X-Forwarded-For or...

9.8 CVSS · 6.9 AI score · 0.39598 EPSS
Exploits: 9 · References: 1
NVD
added 2019/10/06 7:15 p.m. · 12 views

CVE-2019-17240

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers...

9.8 CVSS · 5.4 AI score · 0.39598 EPSS
Exploits: 9 · References: 4
Prion
added 2019/10/06 7:15 p.m. · 14 views

Design/Logic Flaw

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers...

4.3 CVSS · 9.3 AI score · 0.39598 EPSS
Exploits: 9 · References: 4 · Affected Software: 1
ATTACKERKB
added 2019/10/06 12:0 a.m. · 14 views

CVE-2019-17240

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers. Recent assessments: noraj at May 08, 2021 7:26pm UTC reported: This is just a security bypass allowing an attacker t...

9.8 CVSS · 2.4 AI score · 0.39598 EPSS
Exploits: 9 · References: 7
NVD
added 2019/09/08 9:15 p.m. · 13 views

CVE-2019-16113

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname...

8.8 CVSS · 9 AI score · 0.77962 EPSS
Exploits: 16 · References: 4
OSV
added 2019/09/08 9:15 p.m. · 16 views

CVE-2019-16113

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname...

8.8 CVSS · 7.7 AI score
Exploits: 0 · References: 4
Prion
added 2019/09/08 9:15 p.m. · 18 views

Remote code execution

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname...

6.5 CVSS · 9 AI score · 0.77962 EPSS
Exploits: 16 · References: 4 · Affected Software: 1
Cvelist
added 2019/09/08 8:50 p.m. · 25 views

CVE-2019-16113

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname...

9.1 AI score · 0.77962 EPSS
Exploits: 16 · References: 4
CVE
added 2019/09/08 8:50 p.m. · 217 views

CVE-2019-16113

CVE-2019-16113 is a Bludit CMS vulnerability that allows remote code execution via an image upload function. In Bludit 3.9.2 and affected builds, the bl-kernel/ajax/upload-images.php flow can treat a crafted image filename (e.g., .jpg or .png) as PHP code, enabling the attacker to write PHP paylo...

8.8 CVSS · 8.8 AI score · 0.77962 EPSS
Exploits: 16 · References: 4 · Affected Software: 1