baijiacms_project CVE Vulnerabilities & Metrics

Focus on baijiacms_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About baijiacms_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with baijiacms_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total baijiacms_project CVEs: 11
Earliest CVE date: 19 Apr 2018, 08:29 UTC
Latest CVE date: 15 Feb 2023, 22:15 UTC

Latest CVE reference: CVE-2021-33396

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical baijiacms_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.81

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	4
4.0-6.9	5
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS baijiacms_project CVEs

These are the five CVEs with the highest CVSS scores for baijiacms_project, sorted by severity first and recency.

CVE-2019-7568 baijiacms_project Published on 07 Feb 2019, 07:29 UTC (CVSS: 7.5)
An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.
CVE-2018-16724 baijiacms_project Published on 08 Sep 2018, 15:29 UTC (CVSS: 7.5)
An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.
CVE-2018-10503 baijiacms_project Published on 27 Apr 2018, 16:29 UTC (CVSS: 6.8)
An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.
CVE-2018-10249 baijiacms_project Published on 20 Apr 2018, 19:29 UTC (CVSS: 6.8)
baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.
CVE-2018-10219 baijiacms_project Published on 19 Apr 2018, 08:29 UTC (CVSS: 5.0)
baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.

All CVEs for baijiacms_project

CVE-2021-33396 baijiacms_project vulnerability CVSS: 0 15 Feb 2023, 22:15 UTC

Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.

CVE-2022-45942 baijiacms_project vulnerability CVSS: 0 20 Dec 2022, 14:15 UTC

A Remote Code Execution (RCE) vulnerability was found in includes/baijiacms/common.inc.php in baijiacms v4.

CVE-2022-38931 baijiacms_project vulnerability CVSS: 0 20 Sep 2022, 20:15 UTC

A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter.

CVE-2022-35150 baijiacms_project vulnerability CVSS: 0 22 Aug 2022, 16:15 UTC

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.

CVE-2020-25873 baijiacms_project vulnerability CVSS: 4.0 29 Oct 2021, 20:15 UTC

A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.

CVE-2019-7568 baijiacms_project vulnerability CVSS: 7.5 07 Feb 2019, 07:29 UTC

An issue was discovered in baijiacms V4 that can result in time-based blind SQL injection to get data via the cate parameter in an index.php?act=index request.

CVE-2018-16725 baijiacms_project vulnerability CVSS: 4.3 08 Sep 2018, 15:29 UTC

An issue is discovered in baijiacms V4. XSS exists via the assets/weengine/components/zclip/ZeroClipboard.swf id parameter, aka "Non-standard use of the flash component."

CVE-2018-16724 baijiacms_project vulnerability CVSS: 7.5 08 Sep 2018, 15:29 UTC

An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request.

CVE-2018-10503 baijiacms_project vulnerability CVSS: 6.8 27 Apr 2018, 16:29 UTC

An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. CSRF allows adding an administrator account via op=edituser, changing the administrator password via op=changepwd, or deleting an account via op=deleteuser.

CVE-2018-10249 baijiacms_project vulnerability CVSS: 6.8 20 Apr 2018, 19:29 UTC

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.

CVE-2018-10219 baijiacms_project vulnerability CVSS: 5.0 19 Apr 2018, 08:29 UTC

baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request.