Badaso Core vulnerabilities
3 known vulnerabilities affecting badaso/core.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-52353P2HIGH≥ 0, ≤ 2.9.112025-08-26
CVE-2025-52353 [HIGH] CWE-434 Badaso CMS file upload vulnerability
Badaso CMS file upload vulnerability
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlyi
ghsaosv
CVE-2022-41705P2CRITICAL≥ 0, < 2.7.02022-11-25
CVE-2022-41705 [CRITICAL] CWE-434 Badaso vulnerable to Remote Code Execution (RCE)
Badaso vulnerable to Remote Code Execution (RCE)
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
ghsaosv
CVE-2022-41711P2CRITICAL≥ 0, < 2.6.12022-10-26
CVE-2022-41711 [CRITICAL] CWE-434 Badaso vulnerable to Remote Code Execution via malicious file upload
Badaso vulnerable to Remote Code Execution via malicious file upload
Badaso allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
ghsaosv