CVE-2020-36141: Malicious File Upload
First published: Fri Jun 04 2021(Updated: )
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bloofox Bloofoxcms | =0.5.2.1 | |
| =0.5.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-36141?
The severity of CVE-2020-36141 is high with a score of 8.8.
What is the vulnerability description of CVE-2020-36141?
CVE-2020-36141 is an Unrestricted File Upload vulnerability in BloofoxCMS 0.5.2.1 that allows bypassing MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
What software versions are affected by CVE-2020-36141?
BloofoxCMS versions 0.5.2.1 are affected by CVE-2020-36141.
How can the vulnerability be exploited?
The vulnerability in CVE-2020-36141 can be exploited by bypassing MIME Type validation and uploading files with a manipulated 'Content-Type' header.
Is there a fix for CVE-2020-36141?
At the moment, there is no known fix for CVE-2020-36141. It is recommended to update to a fixed version when available and apply any security patches provided by the vendor.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/bloofox
- canonical/bloofox bloofoxcms
- version/bloofox bloofoxcms/0.5.2.1