Vulnerabilities > Bloofox

DATE	CVE	VULNERABILITY TITLE	RISK
2023-08-11	CVE-2020-36082	Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. network low complexity bloofox CWE-434 critical	9.8
2023-06-14	CVE-2023-34750	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-06-14	CVE-2023-34751	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-06-14	CVE-2023-34752	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-06-14	CVE-2023-34753	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-06-14	CVE-2023-34754	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-06-14	CVE-2023-34755	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-06-14	CVE-2023-34756	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. network low complexity bloofox CWE-89 critical	9.8
2023-04-13	CVE-2023-27812	Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2 bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. network low complexity bloofox CWE-22 critical	9.1
2023-04-13	CVE-2023-29597	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2 bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. network low complexity bloofox CWE-89	8.8

Vulnerabilities > Bloofox {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bloofox"}]}

Vulnerabilities > Bloofox