Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bloofox bloofoxcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2009-4522
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote malicious users to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
Bloofox Bloofoxcms 0.3.5
1 EDB exploit
4.9
CVSSv3
CVE-2020-35709
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
Bloofox Bloofoxcms 0.5.2.1
9.8
CVSSv3
CVE-2020-35760
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows malicious users to upload malicious files (ex: php files).
Bloofox Bloofoxcms 0.5.2.1
5.4
CVSSv3
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
6.5
CVSSv3
CVE-2020-36140
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Bloofox Bloofoxcms 0.5.2.1
8.8
CVSSv3
CVE-2023-29597
bloofox v0.5.2 exists to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
Bloofox Bloofoxcms 0.5.2
NA
CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote malicious users to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.
Bloofoxcms Bloofoxcms 0.3
1 EDB exploit
NA
CVE-2008-0427
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the file parameter.
Bloo Bloofoxcms 0.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3