Bloofoxcms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Bloofoxcms
(Bloofox)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	26

Date	Id	Summary	Products	Score	Patch	Annotated
2023-06-14	CVE-2023-34755	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.	Bloofoxcms	9.8
2023-06-14	CVE-2023-34756	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.	Bloofoxcms	9.8
2023-06-14	CVE-2023-34750	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.	Bloofoxcms	9.8
2023-06-14	CVE-2023-34751	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.	Bloofoxcms	9.8
2023-06-14	CVE-2023-34752	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.	Bloofoxcms	9.8
2023-06-14	CVE-2023-34753	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.	Bloofoxcms	9.8
2023-06-14	CVE-2023-34754	bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.	Bloofoxcms	9.8
2020-12-25	CVE-2020-35709	bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.	Bloofoxcms	4.9
2021-06-04	CVE-2020-36139	BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter.	Bloofoxcms	5.4
2021-06-04	CVE-2020-36140	BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).	Bloofoxcms	6.5