Vulnerabilities > Bloofox > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-04-13 | CVE-2023-29597 | SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2 | bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | network | low | bloofox | CWE-89 | 8.8 |
| 2022-02-24 | CVE-2021-44610 | SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.1/0.5.2/0.5.2.1 | Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype. | network | low | bloofox | CWE-89 | 7.5 |
| 2021-06-16 | CVE-2020-35760 | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 | bloofoxCMS 0.5.2.1 is affected by an Unrestricted File Upload vulnerability that allows attackers to upload malicious files (e.g., PHP files). | network | low | bloofox | CWE-434 | 7.5 |
| 2021-06-04 | CVE-2020-36141 | Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1 | BloofoxCMS 0.5.2.1 allows Unrestricted File Upload by bypassing MIME type validation: inserting 'image/jpeg' within the 'Content-Type' header. | network | low | bloofox | CWE-434 | 8.8 |
| 2011-10-07 | CVE-2010-4870 | SQL Injection vulnerability in Bloofox Bloofoxcms 0.3.5 | SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter. | network | low | bloofox | CWE-89 | 7.5 |
| 2008-12-29 | CVE-2008-5748 | Path Traversal vulnerability in Bloofox Bloofoxcms 0.3.4 | Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters. | network | high | bloofox | CWE-22 | 8.1 |