Skip to main content

Bagecms

7 CVEs product

Monthly

CVE-2023-37122 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bagecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2019-8421 HIGH POC This Week

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bagecms
NVD GitHub
CVSS 3.0
7.2
EPSS
1.2%
CVE-2018-19560 HIGH POC This Week

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-19104 HIGH POC This Week

In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-18258 CRITICAL POC Act Now

An issue was discovered in BageCMS 3.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Bagecms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-18257 HIGH POC This Week

An issue was discovered in BageCMS 3.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Bagecms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-14582 HIGH POC This Week

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bagecms
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Bagecms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in BageCMS 3.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in BageCMS 3.1.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Bagecms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy