SQL Injection Vulnerabilities in BloofoxCMS by Bloofox
CVE-2008-0428

Currently unrated

Key Information:

Vendor

Bloofoxcms

CVE Published:
23 January 2008

What is CVE-2008-0428?

BloofoxCMS version 0.3 is susceptible to multiple SQL injection vulnerabilities through its login function located in system/class_permissions.php. By manipulating the username or password parameters in requests to admin/index.php, an attacker can execute arbitrary SQL commands. This could lead to unauthorized access, data leakage, or complete compromise of the database, posing significant security risks to affected systems. Prompt action is necessary to mitigate these vulnerabilities and ensure the integrity of user data.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
