PT-2023-11806 · Unknown · Bloofoxcms

Maxncuo · Published 2023-08-11 · Updated 2023-08-16 · CVE-2020-36082

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

bloofoxCMS version 0.5.2.1

Description

The issue allows remote attackers to execute arbitrary code and escalate privileges via a crafted webshell file sent to the upload module. This can be achieved by uploading a specially crafted file to the vulnerable module, potentially leading to privilege escalation.

Recommendations

To prevent remote attackers from executing arbitrary code, consider disabling the file upload feature in bloofoxCMS version 0.5.2.1 until a patch is available. Restrict access to the upload module to minimize the risk of exploitation. Avoid using the upload feature with untrusted files or sources until the issue is resolved.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2020-36082

Affected Products: Bloofoxcms