bloofoxCMS v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
id: CVE-2023-34753
info:
  name: bloofoxCMS v0.5.2.1 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    bloofox v0.5.2.1 was...
bloofoxCMS v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.
id: CVE-2023-34751
info:
  name: bloofoxCMS v0.5.2.1 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    bloofox v0.5.2.1 was...
Bloofox v0.5.2.1 - SQL Injection
Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
id: CVE-2023-34756
info:
  name: Bloofox v0.5.2.1 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    Bloofox v0.5.2.1 was...
Bloofox v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.
id: CVE-2023-34754
info:
  name: Bloofox v0.5.2.1 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    bloofox v0.5.2.1 was...
bloofoxCMS v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
id: CVE-2023-34752
info:
  name: bloofoxCMS v0.5.2.1 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    bloofox v0.5.2.1 was...
EUVD-2020-31233
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts...
CVE-2020-37241
CVE-2020-37241 affects bloofoxCMS 0.5.2.1 and describes a cross-site request forgery (CSRF) that enables an attacker to perform administrative actions by luring a logged-in admin to visit a malicious page. The attack can craft hidden requests targeting the admin user-creation endpoint to add new ...
CVE-2021-47906
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious JavaScript payloads in the text field to execute scripts and potentially steal authenticated users...
EUVD-2023-38792
Malicious code in bioql PyPI...
CVE-2023-34756
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit...
CVE-2023-34751
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit...
CVE-2023-34750
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings=projects=edit...
CVE-2023-29597
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content=pages=edit=1...
CVE-2023-27812
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the deletefile function...
CVE-2023-34753
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit...
CVE-2023-34752
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit...
CVE-2023-34754
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit...
CVE-2023-34755
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user=edit...
CVE-2020-36082
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module...
PT-2023-11806 · Unknown · Bloofoxcms
Name of the Vulnerable Software and Affected Versions: bloofoxCMS version 0.5.2.1 Description: The issue allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file to the upload module. This can be achieved by uploading a specifically designed file to th...