IDCVSSSummaryLast (major) updatePublished
CVE-2018-10219 5.0
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.
22-05-2018 - 17:08 19-04-2018 - 08:29
CVE-2018-10249 6.8
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
22-05-2018 - 15:00 20-04-2018 - 19:29
CVE-2018-16724 7.5
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
26-10-2018 - 17:01 08-09-2018 - 15:29
CVE-2018-16725 4.3
An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."
26-10-2018 - 17:03 08-09-2018 - 15:29
CVE-2019-7568 7.5
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
07-02-2019 - 17:27 07-02-2019 - 07:29
CVE-2018-10503 6.8
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
06-06-2018 - 13:16 27-04-2018 - 16:29
Back to Top Mark selected
Back to Top