Bloofox Bloofoxcms vulnerabilities
27 known vulnerabilities affecting bloofox/bloofoxcms.
Total CVEs: 27
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 5, MEDIUM 10, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2023-34752 | P2 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
nvd
CVE-2023-34755 | P2 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.
nvd
CVE-2023-34753 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
nvd
CVE-2023-34751 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
nvd
CVE-2023-34756 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
nvd
CVE-2023-34754 | P3 | CRITICAL | CVSS 9.8 | PoC | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
nvd
CVE-2008-5748 | P3 | HIGH | CVSS 8.1 | PoC | v0.3.4 | 2008-12-29 | CWE-22
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
nvd
CVE-2010-4870 | P3 | HIGH | CVSS 7.5 | PoC | v0.3.5 | 2011-10-07 | CWE-89
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
nvd
CVE-2020-36082 | P2 | CRITICAL | CVSS 9.8 | v0.5.2.1 | 2023-08-11 | CWE-434
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
nvd
CVE-2020-35760 | P3 | CRITICAL | CVSS 9.8 | v0.5.2.1 | 2021-06-16 | CWE-434
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
nvd
CVE-2020-36141 | P3 | HIGH | CVSS 8.8 | v0.5.2.1 | 2021-06-04 | CWE-434
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
nvd
CVE-2023-27812 | P3 | CRITICAL | CVSS 9.1 | v0.5.2 | 2023-04-13 | CWE-22
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
nvd
CVE-2022-28528 | P3 | HIGH | CVSS 8.8 | v0.5.2.1 | 2022-04-26 | CWE-434
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
nvd
CVE-2021-44610 | P3 | CRITICAL | CVSS 9.8 | ≥ 0.5.1, ≤ 0.5.2.1 | 2022-02-24 | CWE-89
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
nvd
CVE-2023-29597 | P3 | HIGH | CVSS 8.8 | v0.5.2 | 2023-04-13 | CWE-89
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
nvd
CVE-2023-34750 | P3 | CRITICAL | CVSS 9.8 | v0.5.2.1 | 2023-06-14 | CWE-89
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
nvd
CVE-2009-4522 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.3.5 | 2009-12-31 | CWE-79
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
nvd
CVE-2020-36142 | P3 | MEDIUM | CVSS 6.5 | v0.5.2.1 | 2021-06-04 | CWE-22
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
nvd
CVE-2023-23151 | P4 | MEDIUM | CVSS 6.5 | v0.5.2.1 | 2023-01-26 | CWE-404
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
nvd
CVE-2020-35761 | P4 | MEDIUM | CVSS 5.4 | v0.5.2.1 | 2021-06-16 | CWE-79
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
nvd