Darkfiggm

**Name of the Vulnerable Software and Affected Versions** BlooFoxCMS version 0.2.2 **Description** The issue concerns a PHP remote file inclusion vulnerability in the install/index.php file of BlooFoxCMS. This vulnerability potentially allows remote attackers to execute arbitrary PHP code via a URL in the `content php` parameter. However, it's noted that this issue has been disputed by a reliable third party, stating that `content php` is initialized before use. **Recommendations** For BlooFoxCMS version 0.2.2, as a temporary workaround, consider restricting access to the install/index.php file until a patch is available. Additionally, avoid using the `content php` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.