bloofox 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk sql injection and パス処理の欠陥 などに関し、一部は vendor impact data exposure を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-36082 | File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module. | [email protected] | 9.8 | 2.12% | 2023-08-11 | 2024-11-21 |
| CVE-2023-34756 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | [email protected] | 9.8 | 33.24% | 2023-06-14 | 2025-01-03 |
| CVE-2023-34755 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | [email protected] | 9.8 | 33.24% | 2023-06-14 | 2025-01-03 |
| CVE-2023-34754 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. | [email protected] | 9.8 | 12.80% | 2023-06-14 | 2025-01-02 |
| CVE-2023-34753 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. | [email protected] | 9.8 | 33.24% | 2023-06-14 | 2025-01-02 |
| CVE-2023-34752 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. | [email protected] | 9.8 | 30.20% | 2023-06-14 | 2025-01-02 |
| CVE-2023-34751 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. | [email protected] | 9.8 | 33.24% | 2023-06-14 | 2025-01-02 |
| CVE-2023-34750 | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. | [email protected] | 9.8 | 0.46% | 2023-06-14 | 2025-01-02 |
| CVE-2023-29597 | bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. | [email protected] | 8.8 | 0.30% | 2023-04-13 | 2024-11-21 |
| CVE-2023-27812 | bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. | [email protected] | 9.1 | 1.32% | 2023-04-13 | 2024-11-21 |
| CVE-2023-23151 | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. | [email protected] | 6.5 | 0.34% | 2023-01-26 | 2025-03-28 |
| CVE-2022-28528 | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | [email protected] | 8.8 | 0.40% | 2022-04-26 | 2024-11-21 |
| CVE-2021-44610 | Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite (5) eta_doctype. (6) meta_charset, (7) default_group, and (8) page group parameters in the settings mode in admin/index.php. | [email protected] | 9.8 | 0.67% | 2022-02-24 | 2024-11-21 |
| CVE-2021-44608 | Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. | [email protected] | 5.4 | 0.25% | 2022-02-24 | 2024-11-21 |
| CVE-2020-35762 | bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. | [email protected] | 2.7 | 0.26% | 2021-06-16 | 2024-11-21 |
| CVE-2020-35761 | bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. | [email protected] | 5.4 | 0.18% | 2021-06-16 | 2024-11-21 |
| CVE-2020-35760 | bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). | [email protected] | 9.8 | 1.34% | 2021-06-16 | 2024-11-21 |
| CVE-2020-35759 | bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). | [email protected] | 6.5 | 0.23% | 2021-06-16 | 2024-11-21 |
| CVE-2020-36142 | BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | [email protected] | 6.5 | 0.39% | 2021-06-04 | 2024-11-21 |
| CVE-2020-36141 | BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via bypass MIME Type validation by inserting 'image/jpeg' within the 'Content-Type' header. | [email protected] | 8.8 | 0.42% | 2021-06-04 | 2024-11-21 |