7 matches found
CVE-2023-37122
CVE-2023-37122 describes a stored XSS in BageCMS v3.1.0, exploitable via the Custom Settings module. The root cause cited across sources is inadequate input filtering/escaping in that module, allowing arbitrary web script or HTML execution. Public references consistently name BageCMS 3.1.0 and no...
CVE-2018-14582
CVE-2018-14582 affects BageCMS v3.1.3, where a CSRF flaw in index.php?r=admini/admin/create allows a remote attacker to add a background administrator account. The issue is documented across multiple sources (NVD, Red Hat, CNVD, CVE records) with no explicit patch/version remediation details in t...
CVE-2018-19104
In BageCMS 3.1.3, the upload/index.php endpoint has a CSRF vulnerability that can be used to upload arbitrary files and gain server privileges. This is confirmed by the NVD entry CVE-2018-19104 and related records (no remediation details provided in the supplied documents). The exploit vector is ...
CVE-2018-18257
CVE-2018-18257 affects BageCMS 3.1.3. The issue is a directory traversal in the admin template batch deleteFile/deleteFolder endpoints (index.php?r=admini/template/batch&command=deleteFile&fileName=… or &command=deleteFolder&folderName=..…), allowing an attacker to delete arbitrary files and fold...
CVE-2018-19560
CVE-2018-19560 affects BageCMS 3.1.3. The vulnerability is a Cross‑Site Request Forgery (CSRF) where an attacker can trigger actions via the endpoint upload/index.php?r=admini/admin/ownerUpdate to modify a user account. Several connected sources (NVD, Red Hat, CVE registries, CNVD) corroborate th...
CVE-2018-18258
CVE-2018-18258 affects BageCMS 3.1.3. The vulnerability allows an attacker to execute arbitrary PHP code on the web server and read any file via the URI index.php?r=admini/template/updateTpl&filename=, indicating a server-side code execution and information disclosure risk. The NVD entry assigns ...
CVE-2019-8421
CVE-2019-8421 affects BageCMS up to version 3.1.4. The vulnerability is an SQL Injection in the file upload/protected/modules/admini/views/post/index.php triggered via the title or titleAlias parameters. Public references in NVD and CVE records confirm the path and parameter-based injection vecto...