cbcvebase.

Baijiacms Project Baijiacms vulnerabilities

11 known vulnerabilities affecting baijiacms_project/baijiacms.

Total CVEs
11
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH4MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-45942P2HIGHCVSS 8.8≥ 4.02022-12-20
CVE-2022-45942 [HIGH] CWE-78 CVE-2022-45942: A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijia A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.
nvd
CVE-2022-35150P3CRITICALCVSS 9.8v4_1_4_201701052022-08-22
CVE-2022-35150 [CRITICAL] CWE-434 CVE-2022-35150: Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.
nvd
CVE-2019-7568P3CRITICALCVSS 9.8v4.02019-02-07
CVE-2019-7568 [CRITICAL] CWE-89 CVE-2019-7568: An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get dat An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
nvd
CVE-2022-38931P3HIGHCVSS 8.8v4.1.42022-09-20
CVE-2022-38931 [HIGH] CWE-918 CVE-2022-38931: A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.
nvd
CVE-2018-16724P3CRITICALCVSS 9.8v4.02018-09-08
CVE-2018-16724 [CRITICAL] CWE-89 CVE-2018-16724: An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an ind An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
nvd
CVE-2018-10249P3HIGHCVSS 8.8v3.02018-04-20
CVE-2018-10249 [HIGH] CWE-352 CVE-2018-10249: baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrato baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
nvd
CVE-2018-10503P3HIGHCVSS 8.8v4_1_4_201701052018-04-27
CVE-2018-10503 [HIGH] CWE-352 CVE-2018-10503: An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administ An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
nvd
CVE-2020-25873P3MEDIUMCVSS 6.5v42021-10-29
CVE-2020-25873 [MEDIUM] CWE-22 CVE-2020-25873: A directory traversal vulnerability in the component system/manager/class/web/database.php was disco A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
nvd
CVE-2021-33396P4MEDIUMCVSS 6.5v4.1.42023-02-15
CVE-2021-33396 [MEDIUM] CWE-352 CVE-2021-33396: Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the p Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.
nvd
CVE-2018-16725P4MEDIUMCVSS 6.1v4.02018-09-08
CVE-2018-16725 [MEDIUM] CWE-79 CVE-2018-16725: An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClip An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
nvd
CVE-2018-10219P4MEDIUMCVSS 5.3v3.02018-04-19
CVE-2018-10219 [MEDIUM] CWE-200 CVE-2018-10219: baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
nvd
Baijiacms Project Baijiacms vulnerabilities | cvebase