Bloofoxcms

by Bloofoxcms

CVEs (29)

  • CVE-2008-5748 | High | Dec 29, 2008
    risk 0.56 | cvss 8.1 | epss 0.10

    Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote attackers to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.

  • CVE-2021-47906 | Medium | Jan 23, 2026
    risk 0.42 | cvss 6.4 | epss 0.00

    BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious JavaScript payloads in the text field to execute scripts and potentially steal…

  • CVE-2023-34751 | Jun 14, 2023
    risk 0.03 | cvss | epss 0.04

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.

  • CVE-2023-34755 | Jun 14, 2023
    risk 0.03 | cvss | epss 0.04

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.

  • CVE-2023-34753 | Jun 14, 2023
    risk 0.03 | cvss | epss 0.04

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.

  • CVE-2023-34756 | Jun 14, 2023
    risk 0.03 | cvss | epss 0.04

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.

  • CVE-2010-4870 | Oct 7, 2011
    risk 0.03 | cvss | epss 0.01

    SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.

  • CVE-2009-4522 | Dec 31, 2009
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.

  • CVE-2008-0428 | Jan 23, 2008
    risk 0.03 | cvss | epss 0.02

    Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.

  • CVE-2008-0427 | Jan 23, 2008
    risk 0.03 | cvss | epss 0.04

    Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

  • CVE-2007-2310 | Apr 26, 2007
    risk 0.03 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php in BloofoxCMS 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the img_url parameter.

  • CVE-2023-34752 | Jun 14, 2023
    risk 0.02 | cvss | epss 0.05

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

  • CVE-2023-34754 | Jun 14, 2023
    risk 0.01 | cvss | epss 0.03

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.

  • CVE-2020-36082 | Aug 11, 2023
    risk 0.00 | cvss | epss 0.01

    File upload vulnerability in bloofoxCMS version 0.5.2.1 allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file to the upload module.

  • CVE-2023-34750 | Jun 14, 2023
    risk 0.00 | cvss | epss 0.01

    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.

  • CVE-2023-29597 | Apr 13, 2023
    risk 0.00 | cvss | epss 0.01

    bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.

  • CVE-2023-27812 | Apr 13, 2023
    risk 0.00 | cvss | epss 0.01

    bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.

  • CVE-2023-23151 | Jan 25, 2023
    risk 0.00 | cvss | epss 0.01

    bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.

  • CVE-2022-28528 | Apr 26, 2022
    risk 0.00 | cvss | epss 0.01

    bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.

  • CVE-2021-44610 | Feb 23, 2022
    risk 0.00 | cvss | epss 0.01

    Multiple SQL injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php.

Page 1 of 2