Vulnerabilities > Bloofox

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2023-23151	Unspecified vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. network low complexity bloofox	6.5
2022-04-26	CVE-2022-28528	Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. network low complexity bloofox CWE-434	8.8
2022-02-24	CVE-2021-44608	Cross-site Scripting vulnerability in Bloofox Bloofoxcms 0.5.1/0.5.2/0.5.2.1 Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. network low complexity bloofox CWE-79	5.4
2022-02-24	CVE-2021-44610	SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.1/0.5.2/0.5.2.1 Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. network low complexity bloofox CWE-89 critical	9.8
2021-06-16	CVE-2020-35759	Cross-Site Request Forgery (CSRF) vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). network low complexity bloofox CWE-352	6.5
2021-06-16	CVE-2020-35760	Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). network low complexity bloofox CWE-434 critical	9.8
2021-06-16	CVE-2020-35761	Cross-site Scripting vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. network low complexity bloofox CWE-79	5.4
2021-06-16	CVE-2020-35762	Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1 bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. network low complexity bloofox CWE-22	2.7
2021-06-04	CVE-2020-36139	Cross-site Scripting vulnerability in Bloofox Bloofoxcms 0.5.2.1 BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter. network low complexity bloofox CWE-79	5.4
2021-06-04	CVE-2020-36140	Cross-Site Request Forgery (CSRF) vulnerability in Bloofox Bloofoxcms 0.5.2.1 BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely). network low complexity bloofox CWE-352	6.5

Vulnerabilities > Bloofox {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bloofox"}]}

Vulnerabilities > Bloofox