CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36082
https://notcve.org/view.php?id=CVE-2020-36082
11 Aug 2023 — File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. • https://github.com/alexlang24/bloofoxCMS/issues/7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2023-34750
https://notcve.org/view.php?id=CVE-2023-34750
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34751
https://notcve.org/view.php?id=CVE-2023-34751
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 24%CPEs: 2EXPL: 1CVE-2023-34752
https://notcve.org/view.php?id=CVE-2023-34752
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. • http://bloofoxcms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34753
https://notcve.org/view.php?id=CVE-2023-34753
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34754
https://notcve.org/view.php?id=CVE-2023-34754
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34755
https://notcve.org/view.php?id=CVE-2023-34755
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 3%CPEs: 2EXPL: 1CVE-2023-34756
https://notcve.org/view.php?id=CVE-2023-34756
14 Jun 2023 — bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. • https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-to-contain-many-sql-injection-vulnerability • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 1CVE-2023-23151
https://notcve.org/view.php?id=CVE-2023-23151
25 Jan 2023 — bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. Se descubrió que bloofoxCMS v0.5.2.1 contenía una vulnerabilidad de eliminación de archivos arbitraria a través del componente /include/inc_content_media.php. • https://github.com/alexlang24/bloofoxCMS/issues/17 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28528
https://notcve.org/view.php?id=CVE-2022-28528
26 Apr 2022 — bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. Se ha detectado que bloofoxCMS versión v0.5.2.1, contiene una vulnerabilidad de carga de archivos arbitraria por medio de /admin/index.php?mode=content&page=media&action=edit • https://github.com/alexlang24/bloofoxCMS/issues/14 • CWE-434: Unrestricted Upload of File with Dangerous Type •