CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-36140

BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode=settings&page=editor', as demonstrated by use of 'mode=settings&page=editor' to change any file content (Locally/Remotely).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.7%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.3

References

https://muteb.io/2020/12/29/BloofoxCMS-Multiple-Vulnerabilities.html
https://muteb.io/2020/12/29/BloofoxCMS-Multiple-Vulnerabilities.html

Products affected by CVE-2020-36140

Bloofox » Bloofoxcms » Version: 0.5.2.1

cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36140

Products

Pricing

Contact Us