Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code…

bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability i…

bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protectio…

Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/logi…

Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by …

Bludit before 3.9.0 allows remote code execution for an authenticated user by uploading a php f…

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NO…

Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary…

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of …

bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `…

A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.13.1 via the About Plugin …

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section …

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, inclu…

Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ directory traversal appro…

A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execut…

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attacke…

A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bl…

Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.

showAlert() in the administration panel in Bludit 3.12.0 allows XSS.

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator passwo…

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the componen…

A security vulnerability has been identified in Bludit, allowing authenticated attackers to exe…

Bludit 2.3.4 allows XSS via a user name.

A security vulnerability has been identified in Bludit, allowing attackers with knowledge of th…

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backu…

In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category…

A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerabi…

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and…

Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG edito…

Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to…

ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other use…

Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-u…

Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary …

A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentica…

Bludit allows user's session identifier to be set before authentication. The value of this sess…

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control fl…

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the use…

Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensi…

Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privil…

Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could deter…