Show filters
30 Total Results
Displaying 1-10 of 30
Sort by:
Attacker Value
Unknown

CVE-2020-36082

Disclosure Date: August 11, 2023 (last updated October 08, 2023)
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34756

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34755

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34754

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34753

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34752

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34751

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-34750

Disclosure Date: June 14, 2023 (last updated October 08, 2023)
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-29597

Disclosure Date: April 13, 2023 (last updated December 23, 2023)
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-27812

Disclosure Date: April 13, 2023 (last updated December 23, 2023)
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >