4 matches found
Bloofox v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was...
CVE-2023-34754
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit...
CVE-2023-34754
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit...
CVE-2023-34754
Affected software: bloofox CMS 0.5.2.1. Vulnerability: SQL injection in the pid parameter of admin/index.php?mode=settings&page=plugins&action=edit. Root cause: input from pid is used in SQL without sufficient sanitization (CWE-89). Impact: arbitrary SQL queries, potentially leading to data leaka...