CVE-2020-37241 – bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add

CVE ID: CVE-2020-37241

Published: May 16, 2026, 3:28 p.m.

Description: bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can craft hidden forms targeting the admin user creation endpoint to add new administrative accounts with arbitrary credentials without requiring explicit user consent.

Severity: 6.9 | MEDIUM
