Bludit: Security Vulnerabilities

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. The exploit has been disclosed to the public and may be used.
CVSS Score: 3.5 | EPSS Score: 0.003 | Published: 2022-05-05

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the TAGS section in login panel.
CVSS Score: 5.4 | EPSS Score: 0.03 | Published: 2022-01-06

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVSS Score: 5.4 | EPSS Score: 0.027 | Published: 2022-01-06

Cross Site Scripting (XSS) vulnerability exists in Bludit 3-13-1 via the username in admin/login.
CVSS Score: 6.1 | EPSS Score: 0.03 | Published: 2021-10-19

Bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the 'deleteBackup' parameter.
CVSS Score: 9.1 | EPSS Score: 0.006 | Published: 2021-09-01

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kernel/ajax/upload-logo.php'.
CVSS Score: 9.8 | EPSS Score: 0.094 | Published: 2021-08-20

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2021-07-23

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights, they will be able to use unsafe plugins to upload a backup file and control the server.
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2021-05-21

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture.
CVSS Score: 9.1 | EPSS Score: 0.033 | Published: 2020-10-02

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
CVSS Score: 4.9 | EPSS Score: 0.005 | Published: 2020-06-24