← Back to CVE List

CVE-2020-35709

Published: 2020-12-25T19:15Z
Last Modified: 2024-11-21T05:27Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with "Content-Type: application/octet-stream") to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt