PT-2022-19985 · Rebuild · Rebuild

Name of the Vulnerable Software and Affected Versions: Rebuild version 2.8.3 Description: A Server-Side Request Forgery SSRF issue allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. This enables attackers to access internal network details...

bloofoxCMS path traversal vulnerability (CNVD-2021-41076)

bloofoxCMS is a free open source PHP + MySQL based Web content management system . A path traversal vulnerability exists in the fileurl parameter in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to read local files...

CVE-2020-35762

bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...

Path traversal

bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...

CVE-2020-35762

bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...

BloofoxCms 路径遍历漏洞

bloofoxCMS is a free open source PHP + MySQL based Web content management system . A path traversal vulnerability exists in the fileurl parameter in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to read local files...

BloofoxCMS Cross-Site Scripting Vulnerability (CNVD-2021-40550)

BloofoxCMS is a free and open source web content management system based on PHP+MySQL. A reflective cross-site scripting vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using the fileurl parameter to conduct cross-site scripting attacks...

CVE-2020-36142

BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter...

CVE-2020-36142

BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter...

CVE-2020-36139

BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting XSS vulnerability by inserting a XSS payload within the 'fileurl' parameter...

CVE-2020-36142

BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter...

CVE-2020-36139

BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting XSS vulnerability by inserting a XSS payload within the 'fileurl' parameter...

Cross site scripting

BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting XSS vulnerability by inserting a XSS payload within the 'fileurl' parameter...

CVE-2020-36139

CVE-2020-36139 affects BloofoxCMS 0.5.2.1. The vulnerability is a reflected XSS via the fileurl parameter, caused by unsanitized input that’s reflected in the page. Exploitation details are not provided in the documents; no in-the-wild exploit status is stated. Impact is consistent with a browser...

BloofoxCMS 路径遍历漏洞

bloofoxCMS is a free open source PHP + MySQL based Web content management system . A directory traversal vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by inserting the '... /' payload into the 'fileurl' parameter to achieve directory traversal...

PT-2021-11925 · Unknown · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: BloofoxCMS version 0.5.2.1 Description: The issue allows for Reflected Cross-Site Scripting XSS by inserting a XSS payload within the fileurl parameter. Recommendations: For BloofoxCMS version 0.5.2.1, avoid using the fileurl parameter until ...

PT-2021-11928 · Unknown · Bloofoxcms

Name of the Vulnerable Software and Affected Versions: BloofoxCMS version 0.5.2.1 Description: The issue allows directory traversal by inserting '../' payloads within the fileurl parameter. This enables potential access to sensitive files and directories outside the intended directory structure...

BloofoxCms 跨站脚本漏洞

BloofoxCMS is a free and open source web content management system based on PHP+MySQL. A reflective cross-site scripting vulnerability exists in BloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability by using the fileurl parameter to conduct cross-site scripting attacks...