badaso/core
Packagist3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting badaso/corepage 1 of 1
- CVE-2022-41705CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.7.02022-11-25
vulnerable: 1.0.0 ... 2.6.3 (107 versions)
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
- CVE-2022-41711CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.6.12022-10-25
vulnerable: 1.0.0 ... 2.6.0 (104 versions)
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
- CVE-2025-52353CRITICALCVSS 9.8EG 9.82025-08-26
vulnerable: 1.0.0 ... 2.9.9 (124 versions)
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is …
Check whether badaso/core is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for badaso/core CVEs against the assets you own.
Start Free Scan →