Path Traversal Vulnerability in BloofoxCMS by Alexlang24
CVE-2020-35762

2.7LOW

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 16 June 2021

What is CVE-2020-35762?

BloofoxCMS version 0.5.2.1 contains a path traversal vulnerability in the 'fileurl' parameter, enabling attackers to access and read local files on the server. This can lead to exposure of sensitive information stored on the system. It is crucial for administrators to apply necessary patches and validate input to mitigate such threats effectively.

References

https://github.com/alexlang24/bloofoxCMS/issues/11

x_refsource_MISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2021
Vulnerability Reserved
Dec 28, 2020

CVE-2020-35762 Data

JSON