Bloofoxcms Security Vulnerabilities and Issues — Bloofoxcms CVE List

Lucene search

BloofoxBloofoxcms

4 matches found

CVE•added 2021/06/04 4:15 p.m.•41 views

CVE-2020-36140

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).

6.5CVSS6.5AI score0.00194EPSS

CVE•added 2023/01/26 9:18 p.m.•36 views

CVE-2023-23151

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.

6.5CVSS6.6AI score0.0016EPSS

CVE•added 2021/06/16 4:15 p.m.•33 views

CVE-2020-35759

bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).

6.5CVSS6.4AI score0.00229EPSS

CVE•added 2021/06/04 4:15 p.m.•32 views

CVE-2020-36142

BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.

6.5CVSS6.4AI score0.00392EPSS