CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-34750
https://notcve.org/view.php?id=CVE-2023-34750
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2023-34754
https://notcve.org/view.php?id=CVE-2023-34754
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1CVE-2023-34756
https://notcve.org/view.php?id=CVE-2023-34756
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29597
https://notcve.org/view.php?id=CVE-2023-29597
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. • https://github.com/jspring996/PHPcodecms/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27812
https://notcve.org/view.php?id=CVE-2023-27812
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. • http://bloofox.com https://github.com/jspring996 https://github.com/jspring996/PHPcodecms/issues/1 https://www.bloofox.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •