Shodan
Vulnerabilities
Vulnerable Software
Bludit:  >> Bludit  Security Vulnerabilities
CVE-2020-13889
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVSS Score
5.4
EPSS Score
0.017
Published
2020-06-06
CVE-2020-8811
ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-02-07
CVE-2020-8812
Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NOTE: the vendor's perspective is that this is "not a bug.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-07
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVSS Score
3.7
EPSS Score
0.826
Published
2019-10-06
CVE-2019-16334
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-09-15
CVE-2019-16113
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS Score
8.8
EPSS Score
0.897
Published
2019-09-08
CVE-2019-12742
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
CVSS Score
8.8
EPSS Score
0.003
Published
2019-06-05
CVE-2019-12548
Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php file while changing the logo through /admin/ajax/upload-logo.
CVSS Score
8.8
EPSS Score
0.022
Published
2019-06-03
CVE-2018-1000811
bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appear to be exploitable via malicious user have to upload a crafted payload containing PHP code.
CVSS Score
8.8
EPSS Score
0.119
Published
2018-12-20
CVE-2018-16313
Bludit 2.3.4 allows XSS via a user name.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved