NotCVE - vendor:"Bloofox" product:"Bloofoxcms" version:"0.5.2"

4 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-29597

https://notcve.org/view.php?id=CVE-2023-29597

bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. • https://github.com/jspring996/PHPcodecms/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-27812

https://notcve.org/view.php?id=CVE-2023-27812

bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. • http://bloofox.com https://github.com/jspring996 https://github.com/jspring996/PHPcodecms/issues/1 https://www.bloofox.com • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-44610

https://notcve.org/view.php?id=CVE-2021-44610

Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. Se presentan múltiples vulnerabilidades de inyección SQL en bloofoxCMS versiones 0.5.2.1 - 0.5.1 por medio de los parámetros (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, y (8) page group en el modo de configuración en el archivo admin/index.php • https://github.com/alexlang24/bloofoxCMS/issues/13 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2021-44608

https://notcve.org/view.php?id=CVE-2021-44608

Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. Se presentan múltiples vulnerabilidades de tipo Cross Site Scripting (XSS) en bloofoxCMS versiones 0.5.2.1 - 0.5.1, por medio de los parámetros (1) file y (2) type en una acción de edición en el archivo index.php • https://github.com/alexlang24/bloofoxCMS/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •