Skip to main content

Baijiacms

9 CVEs product

Monthly

CVE-2022-45942 HIGH POC THREAT This Week

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
22.0%
CVE-2022-38931 HIGH POC This Week

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-35150 CRITICAL POC Act Now

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Baijiacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2019-7568 CRITICAL POC Act Now

An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baijiacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-16725 MEDIUM POC This Month

An issue is discovered in baijiacms V4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Baijiacms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16724 CRITICAL POC Act Now

An issue is discovered in baijiacms V4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baijiacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-10503 HIGH POC This Week

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2018-10249 HIGH POC This Week

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-10219 MEDIUM This Month

baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Baijiacms
NVD GitHub
CVSS 3.0
5.3
EPSS
0.9%
EPSS 22% CVSS 8.8
HIGH POC THREAT This Week

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Baijiacms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Baijiacms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baijiacms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue is discovered in baijiacms V4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Baijiacms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue is discovered in baijiacms V4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Baijiacms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baijiacms
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Baijiacms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy