SQL Injection in Bloofox Bloofoxcms

CVE-2010-4870

SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.

Vulnerability class: SQL Injection

EPSS: 0.016 (82.0th percentile) — read the EPSS interpretation.

Affected products

Bloofox Bloofoxcms — versions 0.3.5
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

20101027 SQL injection in BloofoxCMS registration plugin (mailing-list, x_refsource_BUGTRAQ)
bloofoxcms-name-sql-injection(62810) (vdb-entry, x_refsource_XF)
15328 (Exploit, exploit, x_refsource_EXPLOIT-DB)
8427 (x_refsource_SREASON, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)
44464 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)