CVE-2023-34752
published 2023-06-14

CVE-2023-34752: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

Priority: P2 58 · Severity: critical, 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 5.46% (91.7th percentile)

Affected (1 range)

Vendor    Product      Version range   Fixed in
bloofox   bloofoxcms   (not given)     (not given)

Detection & IOCs (extracted from sources)

URL: admin/index.php?mode=settings&page=lang&action=edit
Command: lid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+
Path: /admin/index.php
  • Detect time-based blind SQL injection attempts against bloofoxCMS by monitoring POST requests to /admin/index.php?mode=settings&page=lang&action=edit containing SLEEP() payloads in the 'lid' parameter.
  • Use FOFA or similar fingerprinting to identify exposed bloofoxCMS instances via the banner string 'Powered by bloofoxCMS', which are candidate targets for this vulnerability.
  • Flag authenticated POST requests to the language edit endpoint where the 'lid' parameter contains SQL metacharacters (e.g., single quotes, SQL keywords such as SELECT/SLEEP/AND) as indicative of CVE-2023-34752 exploitation.
  • A response time >= 6 seconds from the target following a POST to the language edit endpoint with a SLEEP-based lid payload is a strong indicator of successful time-based blind SQL injection exploitation.
  • Confirm exploitation by checking that the response body contains 'bloofoxCMS Admincenter' and Content-Type header is 'text/html', indicating the injected request was processed by an authenticated admin session.
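To turn the detection bullets above into something that runs, here is an added Python example (not from the page and not bloofoxCMS code) that scans log records for POSTs to the language edit endpoint whose lid value carries SQL metacharacters, and escalates to "likely exploited" when a SLEEP-style payload coincides with a response time of 6 seconds or more. The record format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample records (assumption, not from the page), one request per line:
#   METHOD PATH?QUERY STATUS DURATION_MS URLENCODED_FORM_BODY  (a WAF/app log; access logs lack bodies)
SAMPLE_LOG = """\
POST /admin/index.php?mode=settings&page=lang&action=edit 200 6210 lid=1%27+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&name=English
POST /admin/index.php?mode=settings&page=lang&action=edit 200 180 lid=2&name=Deutsch
POST /admin/index.php?mode=settings&page=lang&action=edit 200 95 lid=3%27&name=Test
GET /admin/index.php?mode=settings&page=lang&action=edit 200 40 -
POST /admin/index.php?mode=settings&page=user&action=edit 200 150 uid=1%27+OR+1%3D1
"""
SQL_KEYWORDS = re.compile(r"\b(select|sleep|benchmark|union|and|or)\b", re.IGNORECASE)
SLEEP_FUNCS = re.compile(r"\b(sleep|benchmark)\s*\(", re.IGNORECASE)
SLOW_MS = 6000  # the page's indicator: response time >= 6 s after a SLEEP-based lid payload

def is_lang_edit_endpoint(target: str) -> bool:
    """True for /admin/index.php?mode=settings&page=lang&action=edit, in any parameter order."""
    parts = urlsplit(target)
    qs = parse_qs(parts.query)
    return parts.path.endswith("/admin/index.php") and all(
        qs.get(k) == [v] for k, v in (("mode", "settings"), ("page", "lang"), ("action", "edit"))
    )

def classify_lid(lid: str, duration_ms: int):
    """Return (verdict, reason) for a decoded lid value, or None when it looks benign."""
    reasons = []
    if "'" in lid:
        reasons.append("single quote")
    if SQL_KEYWORDS.search(lid):
        reasons.append("SQL keyword")
    if not reasons:
        return None
    if SLEEP_FUNCS.search(lid) and duration_ms >= SLOW_MS:
        return ("likely_exploited", "time-based payload with slow response; " + ", ".join(reasons))
    return ("suspicious", ", ".join(reasons))

def scan_log(text: str):
    """One finding per POST to the language edit endpoint whose lid carries SQL metacharacters."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        method, target, _status, duration, body = line.split(" ", 4)
        if method != "POST" or not is_lang_edit_endpoint(target):
            continue
        for lid in parse_qs(body).get("lid", []):  # parse_qs also decodes %27 and '+'
            verdict = classify_lid(lid, int(duration))
            if verdict:
                findings.append({"line": lineno, "lid": lid, "verdict": verdict[0], "reason": verdict[1]})
    return findings
```

Run `scan_log(SAMPLE_LOG)`: the first record is reported as likely exploited, the third only as suspicious, and the GET and the non-language endpoint are ignored.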