Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bloofox vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-36082
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote malicious users to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
Bloofox Bloofoxcms 0.5.2.1
312
VMScore
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
383
VMScore
CVE-2020-36140
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Bloofox Bloofoxcms 0.5.2.1
356
VMScore
CVE-2020-36142
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2023-29597
bloofox v0.5.2 exists to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
Bloofox Bloofoxcms 0.5.2
435
VMScore
CVE-2008-5748
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote malicious users to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Bloofox Bloofoxcms 0.3.4
1 EDB exploit
NA
CVE-2023-34750
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2023-34751
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2023-34752
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2023-34753
bloofox v0.5.2.1 exists to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
Bloofox Bloofoxcms 0.5.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »