CVE-2023-23151 in bloofoxCMS
Summary
by MITRE • 01/26/2023
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 10/06/2025
The bloofoxCMS version 0.5.2.1 contains a critical arbitrary file deletion vulnerability that stems from insufficient input validation within the /include/inc_content_media.php component. This flaw allows authenticated attackers with appropriate privileges to manipulate the file deletion functionality and remove arbitrary files from the target system. The vulnerability represents a significant security risk as it enables unauthorized file removal operations that could compromise system integrity and availability. The issue manifests when the application fails to properly sanitize user-supplied input parameters that control file deletion operations, creating an exploitable path for malicious actors to target critical system files.
This vulnerability directly maps to CWE-400, which classifies the weakness as "Uncontrolled Resource Consumption" and specifically addresses the scenario where applications fail to properly validate or sanitize input that controls file operations. The flaw operates under the principle of insufficient input validation where user-controllable parameters are not adequately checked before being used in file system operations. The ATT&CK framework categorizes this issue under T1485 "Data Destruction" as it enables adversaries to remove critical files from the target system. The vulnerability's exploitation requires minimal privileges and can be leveraged to cause significant operational disruption.
The operational impact of this vulnerability extends beyond simple file deletion to encompass potential system compromise and data loss scenarios. Attackers could exploit this weakness to remove critical system files, configuration data, or user content, leading to service disruption and potential data breaches. The vulnerability's presence in a content management system creates additional risk as it may allow attackers to target media files, database files, or application configuration components that could lead to further exploitation. System administrators may experience unauthorized access to file systems and potential escalation of privileges through the removal of security-critical files.
Mitigation strategies for this vulnerability should include immediate patching of the bloofoxCMS application to the latest version that addresses the file deletion validation flaw. Organizations should implement proper input sanitization and validation procedures within the affected component to ensure that all file operations are properly authorized and constrained. Access controls should be reviewed and strengthened to limit file system operations to only authorized users and processes. Network segmentation and monitoring solutions should be deployed to detect and alert on suspicious file deletion activities. Additionally, regular security assessments and vulnerability scanning should be conducted to identify similar weaknesses in other components of the system. The remediation process should include comprehensive testing to ensure that the patch does not introduce regressions in system functionality while effectively addressing the arbitrary file deletion vulnerability.