bloofox bloofoxcms 0.5.2.1 vulnerabilities and exploits
6.5
CVSSv2
CVE-2022-28528
bloofoxCMS v0.5.2.1 contains an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
Bloofox Bloofoxcms 0.5.2.1
4.3
CVSSv2
CVE-2020-35759
bloofoxCMS 0.5.2.1 is affected by a CSRF vulnerability that lets an attacker edit any file content (locally/remotely).
Bloofox Bloofoxcms 0.5.2.1
7.5
CVSSv2
CVE-2020-35760
bloofoxCMS 0.5.2.1 is affected by an unrestricted file upload vulnerability that allows malicious users to upload malicious files (e.g. PHP files).
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2023-34752
bloofox v0.5.2.1 contains a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2020-36082
A file upload vulnerability in bloofoxCMS version 0.5.2.1 allows remote malicious users to execute arbitrary code and escalate privileges via a crafted webshell file sent to the upload module.
Bloofox Bloofoxcms 0.5.2.1
4.3
CVSSv2
CVE-2020-36140
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Bloofox Bloofoxcms 0.5.2.1
3.5
CVSSv2
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows reflected Cross-Site Scripting (XSS) by inserting an XSS payload within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
6.5
CVSSv2
CVE-2020-36141
BloofoxCMS 0.5.2.1 allows unrestricted file upload by bypassing MIME type validation: inserting 'image/jpeg' within the 'Content-Type' header.
Bloofox Bloofoxcms 0.5.2.1
4
CVSSv2
CVE-2020-36142
BloofoxCMS 0.5.2.1 allows directory traversal by inserting '../' payloads within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2023-34750
bloofox v0.5.2.1 contains a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
Bloofox Bloofoxcms 0.5.2.1