uasoft-indonesia/badaso

uasoft-indonesia/badaso

badaso.uatech.co.id

Releases126

Frequency1 week 5 days

Last Release about 1 year ago

Stars1.25K

Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-52353 ↗	Aug 26, 2025Tuesday, 26 August 2025, 20:15	9.8 CRITICAL	—
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension.
CVE-2022-41705 ↗	Nov 25, 2022Friday, 25 November 2022, 18:15	9.8 CRITICAL	—
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
CVE-2022-41711 ↗	Oct 25, 2022Tuesday, 25 October 2022, 21:15	9.8 CRITICAL	—
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.