bagesoft CVE 脆弱性と CVE 一覧（7）

製品（CPE）: — CVE 件数: 7

bagesoft 脆弱性概要

bagesoft 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に vendor risk csrf and vendor risk sql injection などに関し、一部はファイル上書きを招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移（直近24か月）

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2023-37122	A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Settings module.	[email protected]	5.4	0.08%	2023-07-06	2024-11-21
CVE-2019-8421	upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.	[email protected]	7.2	0.28%	2019-02-17	2024-11-21
CVE-2018-19560	BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.	[email protected]	8.8	0.15%	2018-11-26	2024-11-21
CVE-2018-19104	In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.	[email protected]	8.8	0.14%	2018-11-08	2024-11-21
CVE-2018-18258	An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.	[email protected]	9.8	0.51%	2018-10-11	2024-11-21
CVE-2018-18257	An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/batch&command=deleteFile&fileName= or index.php?r=admini/template/batch&command=deleteFolder&folderName=../ directory traversal URI.	[email protected]	7.5	0.34%	2018-10-11	2024-11-21
CVE-2018-14582	index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.	[email protected]	8.8	0.17%	2018-07-24	2024-11-21

cvelogic Threat Intelligence