CVE-2023-53907

High CVSS: 7.1

Bludit versions before 3.13.1 contain an authenticated file download vulnerability in the Backup Plugin that allows logged-in users to access arbitrary files. Attackers can exploit the plugin's download functionality by manipulating file path parameters to read sensitive system files through directory traversal.

Vendor

Bludit

Product

Bludit

CWE

CWE-22

Yayın Tarihi

2025-12-17 23:15:48

Güncelleme

2025-12-31 18:31:31

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-22 Bludit HIGH Bludit 2025

Referanslar

https://www.bludit.com https://www.exploit-db.com/exploits/51541 https://www.vulncheck.com/advisories/bludit-authenticated-arbitrary-file-download-via-backup-plugin

Benzer Kayıtlar

Medium

CVE-2026-25100

Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its image upload functionality. An authenticated attacker w…

Medium

CVE-2026-25101

Bludit allows user's session identifier to be set before authentication. The value of this session ID stays the same aft…

High

CVE-2026-25099

Bludit’s API plugin allows an authenticated attacker with a valid API token to upload files of any type and extension wi…

Medium

CVE-2026-27741

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /ad…

Medium

CVE-2026-27742

Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The…