21 matches found
CVE-2020-37241
CVE-2020-37241 affects bloofoxCMS 0.5.2.1 and describes a cross-site request forgery (CSRF) that enables an attacker to perform administrative actions by luring a logged-in admin to visit a malicious page. The attack can craft hidden requests targeting the admin user-creation endpoint to add new ...
CVE-2021-47906
BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious JavaScript payloads in the text field to execute scripts and potentially steal authenticated users...
CVE-2020-36082
A file upload vulnerability in bloofoxCMS version 0.5.2.1 allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file to the upload module...
bloofoxCMS SQL Injection Vulnerability
bloofoxCMS is a PHP-based text content management system from the individual developer bloofox. A security vulnerability exists in bloofoxCMS version v0.5.2.1: the pid parameter was found to contain an SQL injection vulnerability via...
BloofoxCms Path Traversal Vulnerability
bloofoxCMS is a free, open-source, PHP + MySQL based web content management system. A path traversal vulnerability exists in the fileurl parameter in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to read local files...
bloofoxCMS Cross-Site Request Forgery Vulnerability
bloofoxCMS is a free, open-source, PHP + MySQL based web content management system. A cross-site request forgery vulnerability exists in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to edit the content of any file...
CVE-2020-36139
BloofoxCMS 0.5.2.1 allows reflected cross-site scripting (XSS) by inserting an XSS payload within the 'fileurl' parameter...
CVE-2020-36142
BloofoxCMS 0.5.2.1 allows directory traversal by inserting '../' payloads within the 'fileurl' parameter...
bloofox CMS 0.5.0 - Multiple Vulnerabilities
No description provided by source. bloofoxCMS V0.5.0 - Multiple Vulnerabilities. Author: AtT4CKxT3rR0r1ST. Contact: [email protected], [email protected]. Home: http://www.iphobos.com/blog/. Script:...
bloofox 0.3 (sql/fd) Multiple Vulnerabilities
No description provided by source. WwW.BugReport.ir, AmnPardaz Security Research Team. Title: Bloofox CMS Vulnerabilities. Vendor: http://www.bloofox.com. Bugs: SQL Injection (Authentication bypass), Source code disclosure. Vulnerable Version: 0.3 (prior versions also may be affected). Exploitation: Remote...
Bloofox CMS Unrestricted File Upload Exploit
Exploit for php platform in category web applications. CWH Underground Hacking Team. Exploit...
BlooFox CMS 0.3.5 Cross Site Scripting
DRUNKEN DANISH REDNECKS. BLOOFOXCMS 0.3.5 XSS: "search" PARAMETER IN SEARCH.5.HTML @...
BlooFox CMS <= 0.3.5 xss
Exploit for unknown platform in category web applications. BlooFox CMS <= 0.3.5 xss. DRUNKEN DANISH REDNECKS...
BlooFox CMS 0.3.5 xss
No description provided by source. DRUNKEN DANISH REDNECKS. BLOOFOXCMS 0.3.5 XSS: "search" PARAMETER IN...
Bloofox CMS 0.3.4 Local File Inclusion
BloofoxCMS 0.3.4 (http://www.bloofox.com/). magic_quotes_gpc = Off, register_globals = On. File Inclusion: http://site/bloofoxCMS0.3.4/plugins/spaw2/dialogs/dialog.php?lang=../../../../../../../../../../../../etc/passwd%00 Also vulnerable: dialog.php?theme= and dialog.php?dialog=foo&module= - Seasons...
bloofox-multi.txt
WwW.BugReport.ir, AmnPardaz Security Research Team. Title: Bloofox CMS Vulnerabilities. Vendor: http://www.bloofox.com. Bugs: SQL Injection (Authentication bypass), Source code disclosure. Vulnerable Version: 0.3 (prior versions also may be affected). Exploitation: Remote with browser. Fix Available: No! -...
Bloofox CMS SQL Injection (Authentication bypass), Source code disclosure
WwW.BugReport.ir, AmnPardaz Security Research Team. Title: Bloofox CMS Vulnerabilities. Vendor: http://www.bloofox.com. Bugs: SQL Injection (Authentication bypass), Source code disclosure. Vulnerable Version: 0.3 (prior versions also may be affected). Exploitation: Remote with browser. Fix Available: No! -...
Bloofox 0.3 (SQL/FD) Multiple Remote Vulnerabilities
No description provided by source. WwW.BugReport.ir, AmnPardaz Security Research Team. Title: Bloofox CMS Vulnerabilities. Vendor: http://www.bloofox.com. Bugs: SQL Injection (Authentication bypass), Source code disclosure. Vulnerable Version: 0.3 (prior versions also may be affected)...
bloofox 0.3 - SQL Injection File Disclosure
WwW.BugReport.ir, AmnPardaz Security Research Team. Title: Bloofox CMS Vulnerabilities. Vendor: http://www.bloofox.com. Bugs: SQL Injection (Authentication bypass), Source code disclosure. Vulnerable Version: 0.3 (prior versions also may be affected). Exploitatio...
bloofox 0.3 - SQL Injection / File Disclosure
WwW.BugReport.ir, AmnPardaz Security Research Team. Title: Bloofox CMS Vulnerabilities. Vendor: http://www.bloofox.com. Bugs: SQL Injection (Authentication bypass), Source code disclosure. Vulnerable Version: 0.3 (prior versions also may be affected). Exploitation: Remote with browser. Fix Available: No! -...