CVE-2022-41705: GitHub - uasoft-indonesia/badaso: Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.


The API & platform builder, build your apps 10x faster, even more.

It’s open source & 100% free !

Try live demo

Why badaso ?

  • 100% FREE - No need for extra thinking about finance to adopt badaso
  • Modern PWA Dashboard - Fast and SPA based on Vue.js with PWA technology
  • Native installation - Too lazy to open the browser? Install badaso on Windows, Linux, MacOS, Android & iOS
  • Working offline - No more getting f*cked by a bad internet connection, badaso can run offline
  • Headless - Badaso uses JWT authentication & authorization by default
  • Seamless integration - Badaso uses REST API & GraphQL, no need to develop an API for your mobile & IoT
  • Modern design - Keep your system design amazing and up to date
  • Secure - Built on Laravel, which makes it as secure as Laravel
  • Modular - Install custom library in seconds like your other laravel projects
  • Scalable - Like your other laravel projects
  • Easy maintenance - Like your other laravel projects
  • Long time support - Great choice for your long-term project, maintained by uasoft

Badaso features

  • Advanced CRUD generator - Build your application faster and be more productive
  • API generator - Integrate your application (mobile, desktop, even IoT) through REST API & GraphQL
  • User management - Manage your application users
  • Role management - Your application users can have different roles
  • Permission management - Each role has different access permissions
  • Menu management - Manage your application menu easily and quickly
  • Database management - Handle your database migration via application
  • Activity logging - Keep your system safe, know who makes the trouble
  • Log UI viewer - No need to open your server to check the log, just stay focused on your application
  • Daily database backup - Keep your valuable database safe
  • Media manager - Manage your local & cloud media via application
  • Many more!

Live demo

Click here for the live demo (some errors may happen because of random testing by a lot of random people)

The live demo resets every 1 hour

Getting started (installation, how to use & more)

You can see official badaso documentation.

Support Badaso

To keep badaso up to date and support this awesome long-term project, you can also donate to badaso.

We appreciate it so much and will keep badaso up to date and support your awesome long-term projects!

  • Become a backer/sponsor on OpenCollective
  • Become a sponsor via GitHub
  • One-time donation via Paypal
  • Direct (contact [email protected])

Good financial support will keep badaso up to date and keep it supporting your awesome long-term projects!

Thanks to all backers & sponsors!

Sponsors

Contributing

Thank you for considering contributing to badaso !

Please read our contributing guideline before submitting a Pull Request to the project.

Thanks to all contributors!

To contribute to the documentation repo, click here.

Community support

For general help using badaso, please refer to the official badaso documentation.

For additional help, you can use one of these channels to ask a question:

  • GitHub discussion (Questions and Discussions)
  • GitHub issues (Bug reports, Contributions)
  • Facebook groups (Discussion for active Facebook users)
  • Telegram groups (Discussion for active Telegram users)
  • YouTube tutorial (For visual learners)

Credits

Thanks to these awesome projects that make badaso awesome :

  • laravel/laravel (Framework)
  • vuejs/vue (Javascript framework)
  • lusaxweb/vuesax (Vue component)
  • spatie/laravel-backup (automation production database & application backup)
  • spatie/laravel-activitylog (logging dashboard activity)
  • spatie/flysystem-dropbox (dropbox cloud storage integration)
  • nao-pon/flysystem-google-drive (google drive cloud storage integration)
  • league/flysystem-aws-s3-v3 (aws S3 cloud storage integration)
  • guzzlehttp/guzzle (advanced http request)
  • webpatser/laravel-uuid (uuid provider)
  • lcobucci/jwt (JWT provider)
  • tymon/jwt-auth (JWT auth provider)
  • arcanedev/log-viewer (application logging GUI)
  • the-control-group/voyager (reference)
  • UniSharp/laravel-filemanager (file manager)
  • Contact us for credit here.

All financial support that badaso gets will also be shared with the projects above to support the ecosystem, keep badaso up to date, and keep your awesome long-term projects running.

License

See the LICENSE file for licensing information.

Related news

GHSA-g389-rf5p-fg56: Badaso vulnerable to Remote Code Execution (RCE)