CVE-2021-44610

Name of the Vulnerable Software and Affected Versions bloofoxCMS versions 0.5.1 through 0.5.2.1

Description Multiple SQL Injection vulnerabilities exist in the software via the URLs, lang id, tmpl id, mod rewrite, eta doctype, meta charset, default group, and page group parameters in the settings mode in admin/index.php.

Recommendations For versions 0.5.1 through 0.5.2.1, consider disabling the settings mode in admin/index.php until a patch is available. Restrict access to the vulnerable parameters lang id, tmpl id, mod rewrite, eta doctype, meta charset, default group, and page group to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.