Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bloofox bloofoxcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-44610
Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.
Bloofox Bloofoxcms
5.4
CVSSv3
CVE-2021-44608
Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
Bloofox Bloofoxcms
8.1
CVSSv3
CVE-2008-5748
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote malicious users to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Bloofox Bloofoxcms 0.3.4
1 EDB exploit
9.8
CVSSv3
CVE-2023-34753
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
Bloofox Bloofoxcms 0.5.2.1
9.8
CVSSv3
CVE-2023-34754
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
Bloofox Bloofoxcms 0.5.2.1
9.8
CVSSv3
CVE-2023-34755
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.
Bloofox Bloofoxcms 0.5.2.1
9.8
CVSSv3
CVE-2023-34756
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
Bloofox Bloofoxcms 0.5.2.1
8.8
CVSSv3
CVE-2022-28528
bloofoxCMS v0.5.2.1 exists to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2009-4522
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote malicious users to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
Bloofox Bloofoxcms 0.3.5
1 EDB exploit
9.1
CVSSv3
CVE-2023-27812
bloofox v0.5.2 exists to contain an arbitrary file deletion vulnerability via the delete_file() function.
Bloofox Bloofoxcms 0.5.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »