CVE-2020-37241

medium

Description

bloofoxCMS 0.5.2.1 contains a cross-site request forgery (CSRF) vulnerability in the administrative user-creation function. The endpoint accepts a state-changing request on the strength of the session cookie alone, so an attacker can host a page containing a hidden, auto-submitting form aimed at it. If an authenticated administrator is lured to that page, the browser attaches the admin session cookie and submits the form, and a new administrative account with attacker-chosen credentials is created without the administrator's knowledge or consent.
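The remedy for a weakness of this kind is to bind every state-changing request to a page the server itself rendered, rather than trusting the session cookie the browser attaches automatically. The Python sketch below is an added illustration of that pattern; it is not bloofoxCMS code (the project is written in PHP) and is not taken from the advisory or the exploit. The form field and session-slot names, the `is_admin` flag, the site origin and the constructed requests are all assumptions made for the example.

```python
import hmac
import secrets
from typing import Mapping, Tuple

TOKEN_FIELD = "csrf_token"   # hypothetical hidden form field
SESSION_KEY = "csrf_token"   # hypothetical server-side session slot


def issue_csrf_token(session: dict) -> str:
    """Create a per-session secret and store it server-side.

    The token is rendered into every state-changing form as a hidden field.
    A page on another origin cannot read it (same-origin policy), so a forged
    cross-site form has no way to include a valid value.
    """
    token = secrets.token_urlsafe(32)
    session[SESSION_KEY] = token
    return token


def origin_allowed(headers: Mapping[str, str], site_origin: str) -> bool:
    """Secondary check: Origin (or, failing that, Referer) must name our site.

    Browsers attach Origin to cross-site POSTs and page content cannot forge
    it, so a mismatch is a reliable CSRF indicator. A missing header is
    treated as failure, the safer default for an admin-only endpoint.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer", "")
        scheme_sep = referer.find("://")
        if scheme_sep == -1:
            return False
        # Reduce "https://cms.example/admin/users" to "https://cms.example"
        path_start = referer.find("/", scheme_sep + 3)
        origin = referer if path_start == -1 else referer[:path_start]
    return origin.lower() == site_origin.lower()


def authorize_state_change(
    session: dict,
    headers: Mapping[str, str],
    form: Mapping[str, str],
    site_origin: str,
) -> Tuple[bool, str]:
    """Gate for an admin-only state change such as 'add user'.

    Returns (allowed, reason). The session cookie alone proves nothing about
    who initiated the request: the browser sends it with a forged cross-site
    POST exactly as it does with a legitimate one. The origin check and the
    token are what tie the request to a page we served to this session.
    """
    if not session.get("is_admin"):
        return False, "not_admin"
    if not origin_allowed(headers, site_origin):
        return False, "bad_origin"
    expected = session.get(SESSION_KEY)
    submitted = form.get(TOKEN_FIELD)
    if not expected or not submitted:
        return False, "missing_token"
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(expected, submitted):
        return False, "bad_token"
    return True, "ok"


def demo() -> dict:
    """Replay one legitimate request and several forged ones (constructed inputs)."""
    site = "https://cms.example"
    # The administrator's session as the server sees it once the cookie arrives.
    session = {"user": "admin", "is_admin": True}
    token = issue_csrf_token(session)
    new_user = {"username": "attacker", "password": "attacker", "role": "admin"}

    # Form rendered by our own admin page: correct origin, correct token.
    legit = authorize_state_change(session, {"Origin": site}, {**new_user, TOKEN_FIELD: token}, site)
    # Hidden auto-submitting form on an attacker page: the cookie rides along,
    # but the browser reports the attacker's origin and the page has no token.
    forged = authorize_state_change(session, {"Origin": "https://evil.example"}, new_user, site)
    # Same-origin form that lost its token (stale page) is refused too.
    stale = authorize_state_change(session, {"Origin": site}, new_user, site)
    # Same-origin form carrying a token issued to a different session.
    other = {}
    issue_csrf_token(other)
    wrong_token = authorize_state_change(
        session, {"Origin": site}, {**new_user, TOKEN_FIELD: other[SESSION_KEY]}, site
    )
    # Unauthenticated visitor never reaches the token logic.
    anon = authorize_state_change({}, {"Origin": site}, {**new_user, TOKEN_FIELD: token}, site)
    return {"legit": legit, "forged": forged, "stale": stale, "wrong_token": wrong_token, "anon": anon}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} -> {result}")
```

Setting `SameSite=Lax` or `Strict` on the session cookie adds a third, browser-enforced layer: the cookie is then withheld from cross-site POSTs entirely, so the forged request arrives unauthenticated. None of the three checks replaces the others; the token is the one that works in every browser, and the origin check catches deployments where the token was forgotten on a single form.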

References

https://www.vulncheck.com/advisories/bloofoxcms-cross-site-request-forgery-via-user-add

https://www.exploit-db.com/exploits/49507

https://www.bloofox.com/

https://github.com/alexlang24/bloofoxCMS/releases/tag/0.5.2.1

Details

Source: MITRE, NVD

Published: 2026-05-16

Updated: 2026-05-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Severity: Medium