Vulnerabilities > Bloofox > Bloofoxcms > 0.5.2.1

DATE CVE VULNERABILITY TITLE RISK
2020-12-25 CVE-2020-35709 Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
network
low complexity
bloofox CWE-22
4.0
4.0