BeesCMS
by BeesCMS
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31011 | Cri | 0.64 | 9.8 | 0.01 | Apr 3, 2024 | Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php. | ||
| CVE-2018-12739 | Hig | 0.60 | 8.8 | 0.02 | Jul 5, 2018 | In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266. | ||
| CVE-2020-23572 | Hig | 0.57 | 8.8 | 0.01 | Nov 8, 2021 | BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | ||
| CVE-2019-8347 | Hig | 0.57 | 8.8 | 0.01 | Feb 15, 2019 | BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI. | ||
| CVE-2018-10266 | Hig | 0.57 | 8.8 | 0.01 | Apr 22, 2018 | BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI. | ||
| CVE-2020-22334 | Med | 0.42 | 6.5 | 0.00 | May 8, 2023 | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. |
- risk 0.64cvss 9.8epss 0.01
Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.
- risk 0.60cvss 8.8epss 0.02
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
- risk 0.57cvss 8.8epss 0.01
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
- risk 0.57cvss 8.8epss 0.01
BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.
- risk 0.57cvss 8.8epss 0.01
BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.
- risk 0.42cvss 6.5epss 0.00
Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.