CSRF Vulnerability in bloofoxCMS by AlexLang
CVE-2020-35759

6.5MEDIUM

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 16 June 2021

What is CVE-2020-35759?

The bloofoxCMS version 0.5.2.1 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, allowing attackers to perform unauthorized actions such as editing the content of any file. This flaw can be exploited both locally and remotely, exposing users to potential data breaches and unauthorized file modifications. Proper security measures need to be implemented to mitigate this risk.

References

https://github.com/alexlang24/bloofoxCMS/issues/10

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2021
Vulnerability Reserved
Dec 28, 2020

CVE-2020-35759 Data

JSON

Bloofox

What is CVE-2020-35759?

References

CVSS V3.1

Timeline