CVE-2023-34755
published 2023-06-14

CVE-2023-34755: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.

Priority: P258 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: EXPLOIT
EPSS: 4.23% (89.8th percentile)

Affected (1 range)

Vendor     Product       Version range   Fixed in
bloofox    bloofoxcms    -               -

Detection & IOCs (extracted from sources)

url: /admin/index.php?mode=user&action=edit
command: userid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+
path: /admin/index.php
  • Detect time-based blind SQL injection attempts against bloofoxCMS by monitoring POST requests to /admin/index.php?mode=user&action=edit whose userid parameter contains a SLEEP() payload; a response duration of 6 seconds or more indicates successful injection.
  • Fingerprint bloofoxCMS instances exposed on the internet using the FOFA query 'Powered by bloofoxCMS' to identify potential targets running the vulnerable version 0.5.2.1.
  • Confirm exploitation by checking that the HTTP response body contains 'bloofoxCMS Admincenter' and the Content-Type header contains 'text/html', alongside a response delay of 6 or more seconds.
  • The attack is authenticated; monitor for a prior POST login request to /admin/index.php with action=login immediately followed by the SQLi POST to the user edit endpoint from the same source IP.
  • The SLEEP duration in the time-based payload is set to 6 seconds, and the Nuclei template timeout is 10 seconds; a WAF or network latency may cause false negatives if response times are artificially elevated or the sleep is blocked.
  • Exploitation requires valid credentials to authenticate to the admin panel first (authenticated SQLi); unauthenticated detection attempts will fail at the login step.
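The detection bullets above describe three signals: a POST to the user edit endpoint carrying a SLEEP() payload in userid, a response time at or above the requested sleep, and a preceding admin login from the same source. The following added example (written for this page, not code from cvebase or the bloofoxCMS project) runs that logic over constructed access-log records; the record layout, field names and the ten-minute login correlation window are assumptions.

```python
"""Time-based blind SQLi detection for the bloofoxCMS user edit endpoint.

Added example, not from the cvebase page or bloofoxCMS. The access-log record
layout (dicts with ts/src/method/path/query/body/duration) is an assumption;
adapt the field mapping to your own web server or proxy logs.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional
from urllib.parse import parse_qs

# Matches SLEEP(<n>) in a decoded parameter value (case-insensitive).
SLEEP_RE = re.compile(r"\bSLEEP\s*\(\s*(\d+)", re.IGNORECASE)

# Constructed sample records (not real traffic). The second record reuses the
# payload shown on the page above; the fourth is a URL-encoded variant that
# did not produce a delay (e.g. blocked upstream).
SAMPLE_LOG: List[Dict] = [
    {"ts": "2023-06-14T10:00:00", "src": "203.0.113.7", "method": "POST",
     "path": "/admin/index.php", "query": "",
     "body": "action=login&username=admin&password=REDACTED", "duration": 0.2},
    {"ts": "2023-06-14T10:00:03", "src": "203.0.113.7", "method": "POST",
     "path": "/admin/index.php", "query": "mode=user&action=edit",
     "body": "userid='+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&submit=1",
     "duration": 6.4},
    {"ts": "2023-06-14T10:05:00", "src": "198.51.100.9", "method": "POST",
     "path": "/admin/index.php", "query": "mode=user&action=edit",
     "body": "userid=12&name=bob", "duration": 0.3},
    {"ts": "2023-06-14T10:07:00", "src": "192.0.2.5", "method": "POST",
     "path": "/admin/index.php", "query": "mode=user&action=edit",
     "body": "userid=1%27%20AND%20SLEEP%286%29%23", "duration": 0.4},
]


def is_user_edit_request(rec: Dict) -> bool:
    """True for POST /admin/index.php?mode=user&action=edit."""
    if rec["method"] != "POST" or rec["path"] != "/admin/index.php":
        return False
    q = parse_qs(rec["query"])
    return q.get("mode") == ["user"] and q.get("action") == ["edit"]


def is_admin_login(rec: Dict) -> bool:
    """True for the POST login request to /admin/index.php (action=login in the body)."""
    if rec["method"] != "POST" or rec["path"] != "/admin/index.php":
        return False
    return parse_qs(rec["body"]).get("action") == ["login"]


def sleep_seconds_in_userid(body: str) -> Optional[int]:
    """Return the SLEEP() argument found in the userid field, or None.

    parse_qs decodes '+' and percent-encoding, so both payload encodings
    in the sample log resolve to the same SLEEP(6) text.
    """
    fields = parse_qs(body, keep_blank_values=True)
    for value in fields.get("userid", []):
        m = SLEEP_RE.search(value)
        if m:
            return int(m.group(1))
    return None


def analyze(records: List[Dict], login_window: timedelta = timedelta(minutes=10)) -> List[Dict]:
    """Emit one alert per SLEEP() payload against the user edit endpoint.

    The verdict compares the observed response time with the requested sleep,
    and the alert records whether the same source IP logged in to the admin
    panel shortly before (the page notes the attack is authenticated).
    """
    last_login: Dict[str, datetime] = {}
    alerts: List[Dict] = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        ts = datetime.fromisoformat(rec["ts"])
        if is_admin_login(rec):
            last_login[rec["src"]] = ts
            continue
        if not is_user_edit_request(rec):
            continue
        delay = sleep_seconds_in_userid(rec["body"])
        if delay is None:
            continue
        login_ts = last_login.get(rec["src"])
        alerts.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "requested_sleep": delay,
            "observed_duration": rec["duration"],
            "verdict": "likely successful" if rec["duration"] >= delay
                       else "attempted (no matching delay)",
            "preceded_by_admin_login": login_ts is not None and ts - login_ts <= login_window,
        })
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The verdict is deliberately two-tiered: a SLEEP() string in userid is worth an alert on its own, but only a response time at or above the requested sleep suggests the query actually reached the database, which is the distinction the Nuclei timeout note above is making.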