Every CVE whose affected-product data names Bagesoft Bagecms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2018-18258 — CVSS 9.8 (critical): An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web…
CVE-2018-19104 — CVSS 8.8 (high): In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges.
CVE-2018-14582 — CVSS 8.8 (high): index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
CVE-2018-19560 — CVSS 8.8 (high): BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.
CVE-2018-18257 — CVSS 7.5 (high): An issue was discovered in BageCMS 3.1.3. An attacker can delete any files and folders on the web server via an index.php?r=admini/template/…
CVE-2019-8421 — CVSS 7.2 (high): upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2023-37122 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted…