Application: BloofoxCMS
Affected Version: 0.3 and other versions.
Vendor’s URL: http://www.bloofox.com/
Bug Type: SQL Injection, Information Disclosure
Risk Level: Critical
Solution:
Edit the source code to ensure that user-supplied input is properly sanitized before it is used in SQL queries.
Restrict access to the “admin/” directory (e.g. with “.htaccess”).
