CVE-2023-34752
published 2023-06-14CVE-2023-34752: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
PriorityP258critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
5.46%
91.7th percentile
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bloofox | bloofoxcms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandlid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+
path/admin/index.php
- →Detect time-based blind SQL injection attempts against bloofoxCMS by monitoring POST requests to /admin/index.php?mode=settings&page=lang&action=edit containing SLEEP() payloads in the 'lid' parameter.
- →Use FOFA or similar fingerprinting to identify exposed bloofoxCMS instances via the banner string 'Powered by bloofoxCMS', which are candidate targets for this vulnerability.
- →Flag authenticated POST requests to the language edit endpoint where the 'lid' parameter contains SQL metacharacters (e.g., single quotes, SQL keywords such as SELECT/SLEEP/AND) as indicative of CVE-2023-34752 exploitation. ↗
- →A response time >= 6 seconds from the target following a POST to the language edit endpoint with a SLEEP-based lid payload is a strong indicator of successful time-based blind SQL injection exploitation.
- →Confirm exploitation by checking that the response body contains 'bloofoxCMS Admincenter' and Content-Type header is 'text/html', indicating the injected request was processed by an authenticated admin session.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
bloofoxCMS v0.5.2.1 - SQL Injection
nuclei·CVSS 9.8
CVE-2023-34752 [CRITICAL] bloofoxCMS v0.5.2.1 - SQL Injection
bloofoxCMS v0.5.2.1 - SQL Injection
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
Template:
id: CVE-2023-34752
info:
name: bloofoxCMS v0.5.2.1 - SQL Injection
author: theamanrawat
severity: critical
description: |
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.
impact: |
Authenticated attackers can exploit SQL injection through the lid parameter in language settings to extract database contents, manipulate CMS data, and potentially execute commands on the underlying database server.
remediation: |
Update bloofoxCMS to a version newer than 0.5.2.1 that uses parameterized queries or
2023-06-14
Published