MidnightBSD

Advisories for bagesoft

CVE-2018-14582 MEDIUM

index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
bagesoft bagecms 3.1.3
CVE-2018-18257 MEDIUM

An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
bagesoft bagecms 3.1.3
CVE-2018-18258 HIGH

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
bagesoft bagecms 3.1.3
CVE-2018-19104 MEDIUM

In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
bagesoft bagecms 3.1.3
CVE-2018-19560 HIGH

BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-352,

Products Affected

Vendor Product Version
bagesoft bagecms 3.1.3
CVE-2019-8421 MEDIUM

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
bagesoft bagecms *
CVE-2023-37122

A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.

Products Affected

Vendor Product Version
bagesoft bagecms 3.1.0