3 matches found
CVE-2020-35709
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files with "Content-Type: application/octet-stream" to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal...
CVE-2020-35709
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files with "Content-Type: application/octet-stream" to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal...
CVE-2020-35709
BloofoxCMS 0.5.2.1 is vulnerable to a directory traversal issue: admins can upload arbitrary .php files to ../media/images/ via admin/index.php?mode=tools&page=upload when uploading with Content-Type: application/octet-stream. This leads to uploading PHP payloads on the server; exact exploitation...