SQL Injection Vulnerabilities in bloofoxCMS by AlexLang
CVE-2021-44610

9.8CRITICAL

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 24 February 2022

What is CVE-2021-44610?

Multiple SQL Injection vulnerabilities have been identified in bloofoxCMS versions 0.5.2.1 and 0.5.1. These weaknesses manifest through various parameters, including URLs, lang_id, tmpl_id, mod_rewrite, eta_doctype, meta_charset, default_group, and page group within the admin/index.php settings mode. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary SQL commands in the database, potentially leading to unauthorized data access and other harmful outcomes.

References

https://github.com/alexlang24/bloofoxCMS/issues/13

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2022
Vulnerability Reserved
Dec 6, 2021

CVE-2021-44610 Data

JSON

Bloofox

What is CVE-2021-44610?

References

CVSS V3.1

Timeline