cvebase

Bloofox Bloofoxcms vulnerabilities

27 known vulnerabilities affecting bloofox/bloofoxcms.

Total CVEs: 27
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 5, MEDIUM 10, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2023-34752 | P2 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14
CVE-2023-34752 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
nvd
CVE-2023-34755 | P2 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14
CVE-2023-34755 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.
nvd
CVE-2023-34753 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14
CVE-2023-34753 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
nvd
CVE-2023-34751 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14
CVE-2023-34751 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
nvd
CVE-2023-34756 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14
CVE-2023-34756 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
nvd
CVE-2023-34754 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14
CVE-2023-34754 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
nvd
CVE-2008-5748 | P3 | HIGH | CVSS 8.1 | PoC | v0.3.4 | 2008-12-29
CVE-2008-5748 [HIGH] CWE-22: Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
nvd
CVE-2010-4870 | P3 | HIGH | CVSS 7.5 | PoC | v0.3.5 | 2011-10-07
CVE-2010-4870 [HIGH] CWE-89: SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
nvd
CVE-2020-36082 | P2 | CRITICAL | CVSS 9.8 | v0.5.2.1 | 2023-08-11
CVE-2020-36082 [CRITICAL] CWE-434: File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
nvd
CVE-2020-35760 | P3 | CRITICAL | CVSS 9.8 | v0.5.2.1 | 2021-06-16
CVE-2020-35760 [CRITICAL] CWE-434: bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
nvd
CVE-2020-36141 | P3 | HIGH | CVSS 8.8 | v0.5.2.1 | 2021-06-04
CVE-2020-36141 [HIGH] CWE-434: BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
nvd
CVE-2023-27812 | P3 | CRITICAL | CVSS 9.1 | v0.5.2 | 2023-04-13
CVE-2023-27812 [CRITICAL] CWE-22: bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
nvd
CVE-2022-28528 | P3 | HIGH | CVSS 8.8 | v0.5.2.1 | 2022-04-26
CVE-2022-28528 [HIGH] CWE-434: bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
nvd
CVE-2021-44610 | P3 | CRITICAL | CVSS 9.8 | ≥ 0.5.1, ≤ 0.5.2.1 | 2022-02-24
CVE-2021-44610 [CRITICAL] CWE-89: Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
nvd
CVE-2023-29597 | P3 | HIGH | CVSS 8.8 | v0.5.2 | 2023-04-13
CVE-2023-29597 [HIGH] CWE-89: bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
nvd
CVE-2023-34750 | P3 | CRITICAL | CVSS 9.8 | v0.5.2.1 | 2023-06-14
CVE-2023-34750 [CRITICAL] CWE-89: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
nvd
CVE-2009-4522 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.3.5 | 2009-12-31
CVE-2009-4522 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
nvd
CVE-2020-36142 | P3 | MEDIUM | CVSS 6.5 | v0.5.2.1 | 2021-06-04
CVE-2020-36142 [MEDIUM] CWE-22: BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
nvd
CVE-2023-23151 | P4 | MEDIUM | CVSS 6.5 | v0.5.2.1 | 2023-01-26
CVE-2023-23151 [MEDIUM] CWE-404: bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
nvd
CVE-2020-35761 | P4 | MEDIUM | CVSS 5.4 | v0.5.2.1 | 2021-06-16
CVE-2020-35761 [MEDIUM] CWE-79: bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
nvd