CVE-2023-34756
published 2023-06-14CVE-2023-34756: bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
4.23%
89.8th percentile
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bloofox | bloofoxcms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandname=ISO-8859-1&description=&cid=2'+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+&send=Save
path/admin/index.php
- →Detect time-based SQL injection attempts against the Bloofox CMS charset settings endpoint by monitoring POST requests to /admin/index.php?mode=settings&page=charset&action=edit with a `cid` parameter containing SQL sleep payloads (e.g., SLEEP(6)).
- →Use FOFA queries 'Powered by bloofoxCMS' or 'powered by bloofoxcms' to identify exposed Bloofox CMS instances for proactive scanning.
- →A successful exploitation attempt is confirmed when the HTTP response has status 200, Content-Type header contains 'text/html', the response body contains 'Admincenter', and the response duration is >= 6 seconds (indicating the SLEEP payload executed).
- →The attack is authenticated — monitor for a prior login POST to /admin/index.php with username/password fields followed immediately by the malicious charset edit request, indicating a two-step exploitation chain.
- ·The vulnerability is specific to Bloofox CMS version 0.5.2.1; the CPE identifier confirms the exact affected version.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Bloofox v0.5.2.1 - SQL Injection
nuclei·CVSS 9.8
CVE-2023-34756 [CRITICAL] Bloofox v0.5.2.1 - SQL Injection
Bloofox v0.5.2.1 - SQL Injection
Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
Template:
id: CVE-2023-34756
info:
name: Bloofox v0.5.2.1 - SQL Injection
author: theamanrawat
severity: critical
description: |
Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.
impact: |
Authenticated attackers can exploit time-based SQL injection in the cid parameter to extract sensitive database information including user credentials and CMS configuration data from the Bloofox system.
remediation: |
Update Bloofox to a version newer than 0.5.2.1 that uses parameterized queries and properly valida
No writeups or analysis indexed.
2023-06-14
Published