VYPR

BeesCMS

by BeesCMS

CVEs (6)

  • CVE-2024-31011CriApr 3, 2024
    risk 0.64cvss 9.8epss 0.01

    Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admin_template.php.

  • CVE-2018-12739HigJul 5, 2018
    risk 0.60cvss 8.8epss 0.02

    In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.

  • CVE-2020-23572HigNov 8, 2021
    risk 0.57cvss 8.8epss 0.01

    BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.

  • CVE-2019-8347HigFeb 15, 2019
    risk 0.57cvss 8.8epss 0.01

    BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.

  • CVE-2018-10266HigApr 22, 2018
    risk 0.57cvss 8.8epss 0.01

    BEESCMS 4.0 has a CSRF vulnerability to add an administrator account via the admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user URI.

  • CVE-2020-22334MedMay 8, 2023
    risk 0.42cvss 6.5epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php.