BloofoxCms, a Php-based text content management system, is vulnerable to SQL injection in versions 0.5.1 (inclusive) to 0.5.2.1 (inclusive), due to the following parameters βURLs,lang_id,tmpl_id,mod_rewrite,eta_ doctype,meta_charset,default_group,page groupβ lacks validation for external input SQL statements. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data.