Bagecms Security Vulnerabilities and Issues — Bagecms CVE List

Lucene search

BagesoftBagecms

7 matches found

CVE•added 2023/07/06 3:15 p.m.•115 views

CVE-2023-37122

A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.

5.4CVSS5.2AI score0.00082EPSS

CVE•added 2018/11/08 8:29 a.m.•31 views

CVE-2018-19104

In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.

8.8CVSS8.7AI score0.00459EPSS

CVE•added 2018/07/24 4:29 p.m.•30 views

CVE-2018-14582

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.

8.8CVSS8.5AI score0.00141EPSS

CVE•added 2018/10/11 9:1 p.m.•29 views

CVE-2018-18257

An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.

7.5CVSS7.5AI score0.00336EPSS

CVE•added 2018/11/26 7:29 a.m.•28 views

CVE-2018-19560

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.

9.3CVSS8.5AI score0.0015EPSS

CVE•added 2019/02/17 10:29 p.m.•28 views

CVE-2019-8421

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.

7.2CVSS7.5AI score0.00242EPSS

CVE•added 2018/10/11 9:1 p.m.•27 views

CVE-2018-18258

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.

9.8CVSS9.5AI score0.00513EPSS