3 matches found
CVE-2022-45942
A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
CVE-2022-35150
Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-38931
A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.