Bagecms@3.1.3 Security Vulnerabilities and Issues — Bagecms@3.1.3 CVE List

Lucene search

BagesoftBagecms3.1.3

5 matches found

CVE•added 2018/11/08 8:29 a.m.•31 views

CVE-2018-19104

In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.

8.8CVSS8.7AI score0.00459EPSS

CVE•added 2018/07/24 4:29 p.m.•30 views

CVE-2018-14582

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.

8.8CVSS8.5AI score0.00141EPSS

CVE•added 2018/10/11 9:1 p.m.•29 views

CVE-2018-18257

An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.

7.5CVSS7.5AI score0.00336EPSS

CVE•added 2018/11/26 7:29 a.m.•28 views

CVE-2018-19560

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.

9.3CVSS8.5AI score0.0015EPSS

CVE•added 2018/10/11 9:1 p.m.•27 views

CVE-2018-18258

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.

9.8CVSS9.5AI score0.00513EPSS