CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36082
https://notcve.org/view.php?id=CVE-2020-36082
11 Aug 2023 — File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. • https://github.com/alexlang24/bloofoxCMS/issues/7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-34750
https://notcve.org/view.php?id=CVE-2023-34750
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34751
https://notcve.org/view.php?id=CVE-2023-34751
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 24%CPEs: 2EXPL: 1CVE-2023-34752
https://notcve.org/view.php?id=CVE-2023-34752
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. • http://bloofoxcms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34753
https://notcve.org/view.php?id=CVE-2023-34753
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34754
https://notcve.org/view.php?id=CVE-2023-34754
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34755
https://notcve.org/view.php?id=CVE-2023-34755
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34756
https://notcve.org/view.php?id=CVE-2023-34756
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27812
https://notcve.org/view.php?id=CVE-2023-27812
13 Apr 2023 — bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. • http://bloofox.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-29597
https://notcve.org/view.php?id=CVE-2023-29597
13 Apr 2023 — bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. • https://github.com/jspring996/PHPcodecms/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •