CVE-2023-34753
Published 2023-06-14
CVE-2023-34753: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
Priority P3 57 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.23% (89.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bloofox | bloofoxcms | — | — |
Detection & IOCs
path: /admin/index.php
command: tid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+
- Detect time-based blind SQL injection attempts against bloofoxCMS by monitoring POST requests to /admin/index.php?mode=settings&page=tmpl&action=edit containing SLEEP() payloads in the tid parameter.
- Look for response delays of 6 seconds or more on POST requests to the bloofoxCMS template edit endpoint as an indicator of successful time-based SQLi exploitation.
- Identify bloofoxCMS instances exposed on the internet using the FOFA fingerprint 'Powered by bloofoxCMS' in page content.
- Confirm exploitation by checking that the response body contains 'bloofoxCMS Admincenter' alongside a Content-Type of text/html after the injected request.
- The Nuclei template is tagged 'authenticated', meaning automated scanning requires valid CMS admin credentials to reproduce or detect this vulnerability.
- The CVSS score of 9.8 (PR:N) reflects unauthenticated network access in the base vector, but the actual exploit chain in the PoC template requires authenticated access; defenders should treat this as an authenticated critical finding.
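
The first two detection points above, as an added example (not part of the original page or the Nuclei template): a log check that flags POST requests to the template edit endpoint whose tid value carries a SLEEP() call or whose response time reaches 6 seconds. The log layout, the function names and the sample lines are assumptions constructed for this example; default access logs record neither the request time nor the body, so both must be enabled for the check to work.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed layout (constructed for this example): combined-style access log with
# the request time in seconds and the quoted request body appended.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ (?P<rt>\d+(?:\.\d+)?) "(?P<body>[^"]*)"$'
)
ENDPOINT = {"mode": "settings", "page": "tmpl", "action": "edit"}
SLEEP_RE = re.compile(r"sleep\s*\(", re.IGNORECASE)
DELAY_SECONDS = 6.0  # threshold from the detection notes above

def is_template_edit(uri):
    """True when the URI is the template edit endpoint named in the advisory."""
    parts = urlsplit(uri)
    query = parse_qs(parts.query)
    return parts.path.endswith("/admin/index.php") and all(
        query.get(key, [""])[0] == value for key, value in ENDPOINT.items()
    )

def classify(line):
    """Return the reasons a log line matches the detection notes (may be empty)."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST" or not is_template_edit(m["uri"]):
        return []
    # parse_qs URL-decodes values, so "+" and %xx encodings are normalised.
    tids = parse_qs(m["body"]).get("tid", [])
    tids += parse_qs(urlsplit(m["uri"]).query).get("tid", [])
    reasons = []
    if any(SLEEP_RE.search(value) for value in tids):
        reasons.append("sleep_in_tid")
    if float(m["rt"]) >= DELAY_SECONDS:
        reasons.append("slow_response")
    return reasons

def log_line(ip, method, uri, rt, body):
    """Build one constructed log line in the assumed layout."""
    return f'{ip} - - [14/Jun/2023:10:00:00 +0000] "{method} {uri} HTTP/1.1" 200 5120 {rt} "{body}"'

EDIT = "/admin/index.php?mode=settings&page=tmpl&action=edit"
# Request body as quoted in the "command" indicator on this page.
PAGE_BODY = "tid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+"
SAMPLE = [  # constructed lines, documentation IP ranges, not real traffic
    log_line("192.0.2.10", "POST", EDIT, "0.042", "tid=3&name=default"),
    log_line("198.51.100.7", "POST", EDIT, "6.031", PAGE_BODY),
    log_line("198.51.100.7", "POST", EDIT, "6.204", "-"),  # body not logged
    log_line("192.0.2.10", "GET", "/index.php", "7.500", "-"),
]
```

A slow response on its own is a weak signal (a loaded database produces the same delay), so treat `slow_response` without `sleep_in_tid` as a lead to correlate rather than a confirmed hit.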
No detection rules found.
Nuclei
CVE-2023-34753 [CRITICAL] bloofoxCMS v0.5.2.1 - SQL Injection
Template:

```yaml
id: CVE-2023-34753

info:
  name: bloofoxCMS v0.5.2.1 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.
  impact: |
    Authenticated attackers can exploit SQL injection through the tid parameter in the template settings page to extract database contents, manipulate CMS data, and potentially execute commands on the underlying database server.
  remediation: |
    Update bloofoxCMS to a version newer than 0.5.2.1 that uses parameterized qu
```
No writeups or analysis indexed.