Arbitrary Code Execution and Privilege Escalation via File Upload in bloofoxCMS 0.5.2.1

Arbitrary Code Execution and Privilege Escalation via File Upload in bloofoxCMS 0.5.2.1

CVE-2020-36082 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

Learn more about our Web App Pen Testing.