bagesoft/bagecms

bagesoft/bagecms

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Stars4

bagecms

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-37122 ↗	Jul 6, 2023Thursday, 6 July 2023, 15:15	5.4 MEDIUM	—
A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.
CVE-2019-8421 ↗	Feb 17, 2019Sunday, 17 February 2019, 22:29	—	6.5 MEDIUM
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2018-19560 ↗	Nov 26, 2018Monday, 26 November 2018, 07:29	—	9.3 HIGH
BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
CVE-2018-19104 ↗	Nov 8, 2018Thursday, 8 November 2018, 08:29	—	6.8 MEDIUM
In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
CVE-2018-14582 ↗	Jul 24, 2018Tuesday, 24 July 2018, 16:29	—	6.8 MEDIUM
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.