CVE-2020-36082
https://notcve.org/view.php?id=CVE-2020-36082
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. • https://github.com/alexlang24/bloofoxCMS/issues/7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-34753
https://notcve.org/view.php?id=CVE-2023-34753
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-34755
https://notcve.org/view.php?id=CVE-2023-34755
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-34751
https://notcve.org/view.php?id=CVE-2023-34751
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-34752
https://notcve.org/view.php?id=CVE-2023-34752
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. • http://bloofoxcms.com https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability https://www.bloofox.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •