📦 Bludit
by Bludit
⚠️ Known Vulnerabilities
CVE-2020-20495 is an arbitrary file deletion vulnerability in Bludit CMS v3.13.0's backup plugin. Attackers can delete any file on the server by manipulating the 'deleteBackup' parameter. This affects...
CVE-2020-18879 is an unrestricted file upload vulnerability in Bludit CMS v3.8.1 that allows remote attackers to upload malicious files via the upload-logo.php component. This can lead to arbitrary co...
This vulnerability in Bludit allows attackers to bypass authentication by predicting sensitive tokens generated using weak MD5 hashing with predictable methods. Attackers can authenticate against the ...
CVE-2024-24552 is a session fixation vulnerability in Bludit CMS that allows attackers to hijack user sessions by tricking victims into using attacker-controlled session IDs. This affects all Bludit u...
This vulnerability in Bludit allows attackers with API token access to upload arbitrary files, including PHP files, leading to remote code execution on the server. It affects Bludit installations with...
CVE-2023-24674 is a privilege escalation vulnerability in Bludit CMS v4.0.0 that allows local attackers to gain administrative privileges by manipulating the role:admin parameter. This affects any Blu...
This vulnerability in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. It affects any system running the vulnerable ...
This CSRF vulnerability in Bludit 3.16.1 allows attackers to trick authenticated administrators into unknowingly uninstalling plugins or installing malicious themes. Attackers can create web pages tha...
CVE-2023-53907 is an authenticated file download vulnerability in Bludit's Backup Plugin that allows logged-in users to read arbitrary files through directory traversal. Attackers can exploit this by ...