CVE-2021-25808
HIGHBludit 3.13.1 - Remote Code Execution via Crafted ZIP File in Backup Plugin
Title source: llmDescription
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/bludit/bludit/issues/1298
Scores
CVSS v3
7.8
EPSS
0.0121
EPSS Percentile
64.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
bludit/bludit
3.13.1
Published
Jul 23, 2021
Tracked Since
Feb 18, 2026