CVE-2022-28528: Malicious File Upload
First published: Tue Apr 26 2022(Updated: )
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bloofox Bloofoxcms | =0.5.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this arbitrary file upload vulnerability in bloofoxCMS?
The vulnerability ID for this arbitrary file upload vulnerability in bloofoxCMS is CVE-2022-28528.
What is the severity level of CVE-2022-28528?
CVE-2022-28528 has a severity level of high.
What software version is affected by CVE-2022-28528?
The affected software version is bloofoxCMS v0.5.2.1.
How can an attacker exploit CVE-2022-28528?
An attacker can exploit CVE-2022-28528 by uploading arbitrary files through the /admin/index.php?mode=content&page=media&action=edit endpoint in bloofoxCMS.
Is there a fix available for CVE-2022-28528?
At the moment, there is no specific fix available for CVE-2022-28528. It is recommended to update to a newer version of bloofoxCMS when a patch is released.
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/bloofox
- canonical/bloofox bloofoxcms
- version/bloofox bloofoxcms/0.5.2.1