|
Description
|
|
Multiple vulnerabilities were identified in bloofoxCMS, which could be exploited to conduct directory traversal and SQL injection attacks.
This first issue is caused by input validation errors in the "login()" [system/class_permissions.php] function that does not validate the "username" and "password" parameter, which may be exploited by malicious users to conduct SQL injection attacks.
The second vulnerability is caused by an input validation error in the "file.php" script when processing a specially crafted "file" parameter, which may be exploited to disclose the contents of arbitrary files via directory traversal attacks.
|
