CVE-2020-35709

2020-12-2519:15:13

Google

osv.dev

bloofoxcms

admin

file upload

vulnerability

AI Score

Confidence

High

EPSS

0.001

Percentile

25.9%

JSON

bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with “Content-Type: application/octet-stream”) to …/media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.

References

github.com/alexlang24/bloofoxCMS/issues/7