RSS   Vulnerabilities for 'Bloofoxcms'   RSS

2021-06-04
 
CVE-2020-36141

CWE-434
 

 
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header.

 
 
CVE-2020-36142

CWE-22
 

 
BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter.

 
2020-12-25
 
CVE-2020-35709

CWE-22
 

 
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.

 


Copyright 2024, cxsecurity.com

 

Back to Top