Vulnerabilities > Bloofox > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-11 CVE-2020-36082 Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
network
low complexity
bloofox CWE-434
critical
 9.8
9.8
2023-06-14 CVE-2023-34750 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34751 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34752 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34753 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34754 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34755 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-06-14 CVE-2023-34756 SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
network
low complexity
bloofox CWE-89
critical
 9.8
9.8
2023-04-13 CVE-2023-27812 Path Traversal vulnerability in Bloofox Bloofoxcms 0.5.2
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
network
low complexity
bloofox CWE-22
critical
 9.1
9.1