Skip to main content

Bloofoxcms

13 CVEs product

Monthly

CVE-2020-37241 MEDIUM POC This Month

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bloofoxcms
NVD Exploit-DB GitHub VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2023-34756 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34755 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34754 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2023-34753 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34752 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
5.5%
CVE-2023-34751 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34750 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29597 HIGH POC This Week

bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27812 CRITICAL POC Act Now

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bloofoxcms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-23151 MEDIUM POC This Month

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Bloofoxcms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-28528 HIGH POC This Week

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bloofoxcms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-35709 MEDIUM POC This Month

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Bloofoxcms
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
EPSS 0% CVSS 6.9
MEDIUM POC This Month

bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Bloofoxcms
NVD Exploit-DB GitHub VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bloofoxcms
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Bloofoxcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Bloofoxcms
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM POC This Month

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Bloofoxcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy