Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-06-26
A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.
CVSS Score
5.4
EPSS Score
0.03
Published
2022-01-06
A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin in login panel.
CVSS Score
5.4
EPSS Score
0.027
Published
2022-01-06
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVSS Score
3.7
EPSS Score
0.746
Published
2019-10-06
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-09-15
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS Score
8.8
EPSS Score
0.903
Published
2019-09-08