bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows malicious users to read local files.
bloofox bloofoxcms 0.5.2.1