CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-35709

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.2%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

https://github.com/alexlang24/bloofoxCMS/issues/7
https://github.com/alexlang24/bloofoxCMS/issues/7

Products affected by CVE-2020-35709

Bloofox » Bloofoxcms » Version: 0.5.2.1

cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35709

Products

Pricing

Contact Us