CVE-2020-35709

Published December 25th, 2020

View on NVD ↗

CVSS v3

4.9

MEDIUM

CVSS v2

MEDIUM

Affected

PROJECT

Description

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.

alexlang24/bloofoxCMS

bloofoxCMS is a free open source web content management system (CMS).

GitHub