Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bloofoxcms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-35760
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows malicious users to upload malicious files (ex: php files).
Bloofox Bloofoxcms 0.5.2.1
NA
CVE-2020-36082
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote malicious users to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
Bloofox Bloofoxcms 0.5.2.1
4.3
CVSSv2
CVE-2020-36140
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).
Bloofox Bloofoxcms 0.5.2.1
6.5
CVSSv2
CVE-2020-36141
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.
Bloofox Bloofoxcms 0.5.2.1
4
CVSSv2
CVE-2020-36142
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
4.3
CVSSv2
CVE-2008-5748
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote malicious users to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Bloofox Bloofoxcms 0.3.4
1 EDB exploit
3.5
CVSSv2
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.
Bloofox Bloofoxcms 0.5.2.1
4.3
CVSSv2
CVE-2009-4522
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote malicious users to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
Bloofox Bloofoxcms 0.3.5
1 EDB exploit
7.5
CVSSv2
CVE-2010-4870
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote malicious users to execute arbitrary SQL commands via the gender parameter.
Bloofox Bloofoxcms 0.3.5
1 EDB exploit
NA
CVE-2023-23151
bloofoxCMS v0.5.2.1 exists to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
Bloofox Bloofoxcms 0.5.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3