Bigantsoft Bigant Server vulnerabilities
10 known vulnerabilities affecting bigantsoft/bigant_server.
Total CVEs: 10
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 3
Vulnerabilities
CVE-2022-23347 | P1 | HIGH | CVSS 7.5 | CWE-22 | Exploited | PoC | v5.6.06 | 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
nvd
CVE-2025-0364 | P2 | CRITICAL | CVSS 9.8 | CWE-288 | ≤ 5.6.06 | 2025-02-04
BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code usin
nvd
CVE-2022-23348 | P3 | MEDIUM | CVSS 5.3 | CWE-916 | PoC | v5.6.06 | 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
nvd
CVE-2022-23346 | P3 | HIGH | CVSS 8.8 | CWE-434 | v5.6.06 | 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
nvd
CVE-2022-23345 | P3 | HIGH | CVSS 7.5 | CWE-306 | v5.6.06 | 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
nvd
CVE-2022-26281 | P3 | HIGH | CVSS 7.5 | CWE-311 | v5.6.06 | 2022-04-05
BigAnt Server v5.6.06 was discovered to contain an incorrect access control issue.
nvd
CVE-2022-23352 | P3 | HIGH | CVSS 7.5 | CWE-835 | v5.6.06 | 2022-03-21
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
nvd
CVE-2009-4661 | P4 | MEDIUM | CVSS 4.3 | CWE-119 | PoC | ≤ 2.50 | 2010-03-03
Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item.
nvd
CVE-2022-23349 | P4 | HIGH | CVSS 8.8 | CWE-352 | v5.6.06 | 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
nvd
CVE-2022-23350 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v5.6.06 | 2022-03-21
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
nvd