File upload vulnerability in bloofoxCMS version 0.5.2.1 allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload...
CVSS 9.8 | AI Score 9.8 | EPSS 0.002
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.001
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.113
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.024
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.024
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.024
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.001
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at...
CVSS 9.8 | AI Score 9.8 | EPSS 0.024
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component...
CVSS 8.8 | AI Score 9 | EPSS 0.001
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file()...
CVSS 9.1 | AI Score 9.2 | EPSS 0.001
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component...
CVSS 6.5 | AI Score 6.6 | EPSS 0.001
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in...
CVSS 5.4 | AI Score 5.5 | EPSS 0.001
Multiple SQL injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in...
CVSS 9.8 | AI Score 10 | EPSS 0.002
bloofoxCMS 0.5.2.1 is affected by a CSRF vulnerability that leads to an attacker editing any file content...
CVSS 6.5 | AI Score 7.3 | EPSS 0.001
bloofoxCMS 0.5.2.1 is affected by an unrestricted file upload vulnerability that allows attackers to upload malicious files (ex: php...
CVSS 9.8 | AI Score 7.4 | EPSS 0.004
bloofoxCMS 0.5.2.1 is affected by a path traversal vulnerability in the 'fileurl' parameter that allows attackers to read local...
CVSS 2.7 | AI Score 7.1 | EPSS 0.001
bloofoxCMS 0.5.2.1 is affected by an XSS vulnerability that allows remote attackers to execute arbitrary JS/HTML...
CVSS 5.4 | AI Score 7.2 | EPSS 0.001
BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content...
CVSS 6.5 | AI Score 7.6 | EPSS 0.001
BloofoxCMS 0.5.2.1 allows reflected Cross-Site Scripting (XSS) by inserting an XSS payload within the 'fileurl'...
CVSS 5.4 | AI Score 5.6 | EPSS 0.001
BloofoxCMS 0.5.2.1 allows directory traversal by inserting '../' payloads within the 'fileurl'...
CVSS 6.5 | AI Score 7.4 | EPSS 0.001
BloofoxCMS 0.5.2.1 allows unrestricted file upload via a bypass of MIME type validation by inserting 'image/jpeg' within the 'Content-Type'...
CVSS 8.8 | AI Score 7.4 | EPSS 0.001
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory...
CVSS 4.9 | AI Score 7.5 | EPSS 0.001
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender...
AI Score 8.6 | EPSS 0.001
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party...
AI Score 5.8 | EPSS 0.005
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module...
CVSS 8.1 | AI Score 7.5 | EPSS 0.119
Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file...
AI Score 7.4 | EPSS 0.02
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to...
AI Score 9.6 | EPSS 0.003
Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url...
AI Score 6.3 | EPSS 0.003
PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the content_php parameter. NOTE: this issue has been disputed by a reliable third party, stating that content_php is initialized before...
AI Score 8.3 | EPSS 0.011