CyberSec.Space Logo
Back to CVE Browser

CVE-2021-44302

HIGH
8.8
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile38.76th
PublishedFeb 19, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php.

Affected Platforms (CPE)

📦
Baicloud Cms Project

Baicloud Cms

= 2.5.7

References & Advisories

🔗 https://github.com/relightsec/BaiCloud/blob/main/README.md
🔗 https://github.com/relightsec/BaiCloud/blob/main/README.md

Related Vulnerabilities

CVE-2021-417299.1

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.