Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2020-23765

Disclosure Date: May 21, 2021 (last updated February 22, 2025)
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-15026

Disclosure Date: June 24, 2020 (last updated February 21, 2025)
Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal approach for arbitrary file download via backup/plugin.php.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-15006

Disclosure Date: June 24, 2020 (last updated February 21, 2025)
Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2020-13889

Disclosure Date: June 06, 2020 (last updated February 21, 2025)
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0