Latest bloofox bloofoxcms Vulnerabilities

CVE-2020-36082
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
Bloofox Bloofoxcms=0.5.2.1
CVE-2023-34755
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-34753
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-34752
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-34754
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-34750
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-34756
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-34751
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
Bloofox Bloofoxcms=0.5.2.1
Apple macOS
CVE-2023-27812
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
Bloofox Bloofox=0.5.2
Bloofox Bloofoxcms=0.5.2
CVE-2023-29597
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
Bloofox Bloofox=0.5.2
Bloofox Bloofoxcms=0.5.2
CVE-2023-23151
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
Bloofox Bloofoxcms=0.5.2.1
CVE-2022-28528
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
Bloofox Bloofoxcms=0.5.2.1
CVE-2021-44608
Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
Bloofox Bloofoxcms>=0.5.1<=0.5.2.1
CVE-2021-44610
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) pag...
Bloofox Bloofoxcms>=0.5.1<=0.5.2.1
CVE-2020-35761
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
Bloofox Bloofoxcms=0.5.2.1
CVE-2020-35760
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
Bloofox Bloofoxcms=0.5.2.1
CVE-2020-35759
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
Bloofox Bloofoxcms=0.5.2.1
CVE-2020-36140
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Bloofox Bloofoxcms=0.5.2.1
=0.5.2.1
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
Bloofox Bloofoxcms=0.5.2.1
=0.5.2.1
CVE-2020-36141
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
Bloofox Bloofoxcms=0.5.2.1
=0.5.2.1
CVE-2020-36142
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
Bloofox Bloofoxcms=0.5.2.1
=0.5.2.1
CVE-2020-35709
Bloofox Bloofoxcms=0.5.2.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203