Vulnerabilities (CVE)

Filtered by vendor Bloofox Subscribe

Filtered by product Bloofoxcms

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-29597	1 Bloofox	1 Bloofoxcms	2023-12-22	N/A	8.8 HIGH
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.
CVE-2022-28528	1 Bloofox	1 Bloofoxcms	2022-05-05	6.5 MEDIUM	8.8 HIGH
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.
CVE-2020-36141	1 Bloofox	1 Bloofoxcms	2021-06-09	6.5 MEDIUM	8.8 HIGH
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.