Vulnerabilities > Bloofox

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2023-23151 Unspecified vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
network
low complexity
bloofox
6.5
6.5
2022-04-26 CVE-2022-28528 Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
network
low complexity
bloofox CWE-434
6.5
6.5
2022-02-24 CVE-2021-44608 Cross-site Scripting vulnerability in Bloofox Bloofoxcms 0.5.1/0.5.2/0.5.2.1
Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
network
bloofox CWE-79
3.5
3.5
2022-02-24 CVE-2021-44610 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.1/0.5.2/0.5.2.1
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype.
network
low complexity
bloofox CWE-89
7.5
7.5
2021-06-16 CVE-2020-35759 Cross-Site Request Forgery (CSRF) vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
network
bloofox CWE-352
4.3
4.3
2021-06-16 CVE-2020-35760 Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
network
low complexity
bloofox CWE-434
7.5
7.5
2021-06-16 CVE-2020-35761 Cross-site Scripting vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
network
bloofox CWE-79
3.5
3.5
2021-06-16 CVE-2020-35762 Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
network
low complexity
bloofox CWE-22
4.0
4.0
2021-06-04 CVE-2020-36139 Cross-site Scripting vulnerability in Bloofox Bloofoxcms 0.5.2.1
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
network
low complexity
bloofox CWE-79
5.4
5.4
2021-06-04 CVE-2020-36140 Cross-Site Request Forgery (CSRF) vulnerability in Bloofox Bloofoxcms 0.5.2.1
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
network
low complexity
bloofox CWE-352
6.5
6.5