Vulnerabilities > Bloofox

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-06-04 | CVE-2020-36141 | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 | BloofoxCMS 0.5.2.1 allows unrestricted file upload by bypassing MIME type validation, by inserting 'image/jpeg' within the 'Content-Type' header. | network, low complexity, bloofox CWE-434, 8.8 |
| 2021-06-04 | CVE-2020-36142 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1 | BloofoxCMS 0.5.2.1 allows directory traversal by inserting '../' payloads within the 'fileurl' parameter. | network, low complexity, bloofox CWE-22, 6.5 |
| 2020-12-25 | CVE-2020-35709 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2.1 | bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. | network, low complexity, bloofox CWE-22, 4.0 |
| 2011-10-07 | CVE-2010-4870 | SQL Injection vulnerability in Bloofox Bloofoxcms 0.3.5 | SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter. | network, low complexity, bloofox CWE-89, 7.5 |
| 2009-12-31 | CVE-2009-4522 | Cross-Site Scripting vulnerability in Bloofox Bloofoxcms 0.3.5 | Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. | network, bloofox CWE-79, 4.3 |
| 2008-12-29 | CVE-2008-5748 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.3.4 | Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | network, high complexity, bloofox CWE-22, 8.1 |