PT-2026-41441 · Bloofox+1 · Bloofoxcms

Lipeiyi

·

Published

2026-05-16

·

Updated

2026-05-16

·

CVE-2020-37241

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions bloofoxCMS version 0.5.2.1
Description A cross-site request forgery issue allows attackers to perform administrative actions by tricking authenticated users into visiting malicious pages. Attackers can use hidden forms targeting the admin user creation endpoint to create new administrative accounts with arbitrary credentials without the user's consent.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2020-37241

Affected Products

Bloofoxcms