Unrestricted File Upload in bloofoxCMS by Bloofox
CVE-2020-35760

9.8CRITICAL

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 16 June 2021

What is CVE-2020-35760?

The bloofoxCMS version 0.5.2.1 is susceptible to an Unrestricted File Upload vulnerability, allowing attackers to upload harmful files, including PHP scripts. This flaw can lead to significant security risks as the uploaded files could be executed on the server, compromising the integrity and confidentiality of the system.

References

https://github.com/alexlang24/bloofoxCMS/issues/9

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2021
Vulnerability Reserved
Dec 28, 2020

CVE-2020-35760 Data

JSON