Arbitrary File Deletion Vulnerability in Bloofox Software
CVE-2023-27812

9.1CRITICAL

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 13 April 2023

What is CVE-2023-27812?

An arbitrary file deletion vulnerability has been identified in Bloofox v0.5.2, stemming from the delete_file() function. This flaw could allow an unauthorized user to delete critical files on the server, which may lead to the disruption of service and loss of data integrity. It is crucial for users of this software to apply necessary patches and updates to safeguard their systems from potential exploitation.

References

http://bloofox.com

https://github.com/jspring996

https://github.com/jspring996/PHPcodecms/issues/1

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2023
Vulnerability Reserved
Mar 5, 2023

CVE-2023-27812 Data

JSON