CVE-2010-4870 – BloofoxCMS Registration Plugin - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4870
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.
• https://www.exploit-db.com/exploits/15328
  http://packetstormsecurity.org/1010-exploits/bloofoxcms-sql.txt
  http://securityreason.com/securityalert/8427
  http://www.exploit-db.com/exploits/15328
  http://www.htbridge.ch/advisory/sql_injection_in_bloofoxcms_registration_plugin.html
  http://www.securityfocus.com/archive/1/514479/100/100/threaded
  http://www.securityfocus.com/bid/44464
  https://exchange.xforce.ibmcloud.com/vulnerabilities/62810
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4522 – BloofoxCMS 0.3.5 - 'search' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4522
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/33287
  http://osvdb.org/58948
  http://packetstormsecurity.org/0910-exploits/bloofoxcms-xss.txt
  http://secunia.com/advisories/37020
  http://www.securityfocus.com/bid/36700
  https://exchange.xforce.ibmcloud.com/vulnerabilities/53788
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')