Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Bloofox Subscribe
Filtered by product Bloofoxcms
Total 16 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-23151 1 Bloofox 1 Bloofoxcms 2023-02-02 N/A 6.5 MEDIUM
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
CVE-2022-28528 1 Bloofox 1 Bloofoxcms 2022-05-05 6.5 MEDIUM 8.8 HIGH
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
CVE-2021-44610 1 Bloofox 1 Bloofoxcms 2022-03-03 7.5 HIGH 9.8 CRITICAL
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
CVE-2021-44608 1 Bloofox 1 Bloofoxcms 2022-03-03 3.5 LOW 5.4 MEDIUM
Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
CVE-2020-35759 1 Bloofox 1 Bloofoxcms 2021-06-17 4.3 MEDIUM 6.5 MEDIUM
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
CVE-2020-35762 1 Bloofox 1 Bloofoxcms 2021-06-17 4.0 MEDIUM 2.7 LOW
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
CVE-2020-35760 1 Bloofox 1 Bloofoxcms 2021-06-17 7.5 HIGH 9.8 CRITICAL
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
CVE-2020-35761 1 Bloofox 1 Bloofoxcms 2021-06-17 3.5 LOW 5.4 MEDIUM
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
CVE-2020-36142 1 Bloofox 1 Bloofoxcms 2021-06-09 4.0 MEDIUM 6.5 MEDIUM
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
CVE-2020-35709 1 Bloofox 1 Bloofoxcms 2021-06-09 4.0 MEDIUM 4.9 MEDIUM
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
CVE-2020-36141 1 Bloofox 1 Bloofoxcms 2021-06-09 6.5 MEDIUM 8.8 HIGH
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
CVE-2020-36140 1 Bloofox 1 Bloofoxcms 2021-06-09 4.3 MEDIUM 6.5 MEDIUM
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
CVE-2020-36139 1 Bloofox 1 Bloofoxcms 2021-06-08 3.5 LOW 5.4 MEDIUM
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
CVE-2010-4870 1 Bloofox 1 Bloofoxcms 2018-10-10 7.5 HIGH N/A
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
CVE-2008-5748 1 Bloofox 1 Bloofoxcms 2017-09-28 4.3 MEDIUM N/A
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
CVE-2009-4522 1 Bloofox 1 Bloofoxcms 2017-08-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.