Vulnerabilities (CVE)

Filtered by vendor Bagesoft Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-37122 1 Bagesoft 1 Bagecms 2024-02-04 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.
CVE-2018-19560 1 Bagesoft 1 Bagecms 2024-02-04 9.3 HIGH 8.8 HIGH
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
CVE-2018-14582 1 Bagesoft 1 Bagecms 2024-02-04 6.8 MEDIUM 8.8 HIGH
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
CVE-2018-19104 1 Bagesoft 1 Bagecms 2024-02-04 6.8 MEDIUM 8.8 HIGH
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
CVE-2018-18257 1 Bagesoft 1 Bagecms 2024-02-04 6.4 MEDIUM 7.5 HIGH
An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.
CVE-2019-8421 1 Bagesoft 1 Bagecms 2024-02-04 6.5 MEDIUM 7.2 HIGH
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2018-18258 1 Bagesoft 1 Bagecms 2024-02-04 7.5 HIGH 9.8 CRITICAL
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.