CVE-2023-34751
published 2023-06-14

CVE-2023-34751: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.

Priority: P357 · Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 4.23% (89.8th percentile)

Affected (1 range)

Vendor: bloofox
Product: bloofoxcms
Version range: not given in the source table (the description names v0.5.2.1)
Fixed in: not listed

Detection & IOCs (extracted from sources)

url: /admin/index.php?mode=user&page=groups&action=edit
command: gid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+
path: /admin/index.php
  • Detect time-based SQL injection attempts targeting the `gid` parameter in POST requests to `/admin/index.php?mode=user&page=groups&action=edit`. Look for SLEEP() payloads in the POST body.
  • Flag POST requests to `/admin/index.php` with query parameters `mode=user&page=groups&action=edit` whose `gid` field is not a plain integer and contains SQL keywords (SELECT, SLEEP, AND).
  • Use the FOFA/Shodan fingerprint `Powered by bloofoxCMS` to identify exposed bloofoxCMS instances for proactive scanning.
  • A response taking 6 seconds or longer on the groups edit endpoint, matching the SLEEP(6) argument in the payload, indicates successful time-based blind SQL injection. Compare against the endpoint's normal latency first: a delay without a SLEEP() payload in the request is more likely load than exploitation.
  • The attack is authenticated. Monitor for login requests to `/admin/index.php` (action=login) immediately followed by exploitation requests to the groups edit endpoint from the same source.
  • The CVSS score of 9.8 (Critical, AV:N/AC:L/PR:N) in the template metadata conflicts with the authenticated nature of the exploit described in the HTTP flow; actual exploitability requires valid admin credentials, so treat PR:N as overstated when prioritizing.
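The detection rules above, as an added Python example that is not part of this cvebase page or of the bloofox project. It runs over constructed request records (the tuple layout, IP addresses, timestamps and response times are assumptions made for illustration), flags a groups-edit request whose `gid` is not a plain integer and contains SQL keywords, marks the hit as timed when the measured response delay reaches the SLEEP() argument, and correlates it with a preceding login from the same IP.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Constructed sample records, not real traffic:
# (timestamp, client IP, method, URL, POST body, response time in seconds).
# The third record carries the time-based payload quoted on this page.
SAMPLE_REQUESTS = [
    (1000.0, "203.0.113.5", "POST", "/admin/index.php?action=login",
     "username=admin&password=hunter2", 0.12),
    (1003.0, "203.0.113.5", "GET", "/admin/index.php?mode=user&page=groups&action=edit&gid=1",
     "", 0.09),
    (1007.0, "203.0.113.5", "POST", "/admin/index.php?mode=user&page=groups&action=edit",
     "gid=1'+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&name=admins", 6.31),
    (1050.0, "198.51.100.9", "POST", "/admin/index.php?mode=user&page=groups&action=edit",
     "gid=7&name=editors", 0.10),
]

ADMIN_PATH = "/admin/index.php"
GROUPS_EDIT = {"mode": ["user"], "page": ["groups"], "action": ["edit"]}
SQL_KEYWORD = re.compile(r"\b(SELECT|SLEEP|BENCHMARK|UNION|AND|OR)\b", re.IGNORECASE)
SLEEP_ARG = re.compile(r"SLEEP\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)


@dataclass
class Finding:
    ip: str
    method: str
    payload: str       # decoded gid value that triggered the rule
    timed: bool        # response delay >= SLEEP() argument: likely successful blind SQLi
    after_login: bool  # preceded by a login request from the same IP within the window


def is_groups_edit(url):
    """True for /admin/index.php?mode=user&page=groups&action=edit; extra parameters are allowed."""
    parts = urlsplit(url)
    if parts.path != ADMIN_PATH:
        return False
    query = parse_qs(parts.query)
    return all(query.get(key) == value for key, value in GROUPS_EDIT.items())


def gid_values(url, body):
    """gid may travel in the query string or the POST body; parse_qs also decodes '+' to space."""
    return parse_qs(urlsplit(url).query).get("gid", []) + parse_qs(body).get("gid", [])


def inspect_request(ip, method, url, body, duration):
    """Flag a groups-edit request whose gid is not a plain integer and contains SQL keywords."""
    if not is_groups_edit(url):
        return None
    for gid in gid_values(url, body):
        if gid.strip().isdigit() or not SQL_KEYWORD.search(gid):
            continue
        match = SLEEP_ARG.search(gid)
        timed = match is not None and duration >= float(match.group(1))
        return Finding(ip, method, gid, timed, after_login=False)
    return None


def detect(records, login_window=300.0):
    """Run the rule over time-ordered records and correlate hits with a prior login from the same IP."""
    last_login = {}
    findings = []
    for ts, ip, method, url, body, duration in records:
        parts = urlsplit(url)
        if parts.path == ADMIN_PATH and parse_qs(parts.query).get("action") == ["login"]:
            last_login[ip] = ts
            continue
        finding = inspect_request(ip, method, url, body, duration)
        if finding is not None:
            finding.after_login = ip in last_login and ts - last_login[ip] <= login_window
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_REQUESTS):
        print(finding)
```

The rule deliberately looks at the decoded `gid` value rather than the raw body, so `+`, `%20` and `%28` encodings of the same payload all match. The `timed` flag is only meaningful when the log source records a response time; without it, the keyword hit alone still warrants a look because an admin group id is never a quoted SQL expression.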