Vulnerabilities (CVE)

Filtered by vendor Bloofox Subscribe

Filtered by product Bloofoxcms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-27812	1 Bloofox	1 Bloofoxcms	2023-12-22	N/A	9.1 CRITICAL
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.
CVE-2020-36082	1 Bloofox	1 Bloofoxcms	2023-08-16	N/A	9.8 CRITICAL
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.
CVE-2020-35760	1 Bloofox	1 Bloofoxcms	2021-06-17	7.5 HIGH	9.8 CRITICAL
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).