bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal.
References
Link | Resource |
---|---|
https://github.com/alexlang24/bloofoxCMS/issues/7 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-25T18:42:48
Updated: 2020-12-25T18:42:48
Reserved: 2020-12-25T00:00:00
Link: CVE-2020-35709
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-25T19:15:13.130
Modified: 2021-06-09T16:14:31.703
Link: CVE-2020-35709
JSON object: View
Redhat Information
No data.
CWE