Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bloofox bloofoxcms 0.5.2.1 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-28528
bloofoxCMS v0.5.2.1 exists to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
Bloofox Bloofoxcms 0.5.2.1
5.4
CVSSv3
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
6.5
CVSSv3
CVE-2020-36140
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Bloofox Bloofoxcms 0.5.2.1
8.8
CVSSv3
CVE-2020-36141
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
Bloofox Bloofoxcms 0.5.2.1
6.5
CVSSv3
CVE-2020-36142
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
9.8
CVSSv3
CVE-2023-34754
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
Bloofox Bloofoxcms 0.5.2.1
9.8
CVSSv3
CVE-2023-34756
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
Bloofox Bloofoxcms 0.5.2.1
4.9
CVSSv3
CVE-2020-35709
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
Bloofox Bloofoxcms 0.5.2.1
6.5
CVSSv3
CVE-2020-35759
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
Bloofox Bloofoxcms 0.5.2.1
5.4
CVSSv3
CVE-2020-35761
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote malicious users to execute arbitrary JS/HTML Code.
Bloofox Bloofoxcms 0.5.2.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »