CVE-2024-36840
published 2024-06-12


Priority: P357 · Severity: critical (CVSS 3.1 base score 9.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EXPLOIT · EPSS: 2.24% (80.6th percentile)
SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.

Detection & IOCs (extracted from sources)

  • path: news_details.php?id=
  • command: id=10071 AND 4036=4036
  • command: id=10071 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)
  • command: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
  • bytes: 0x7170766b71
  • bytes: 0x7162626a71
  • Detect exploitation attempts via Google Dork pattern targeting Boelter Blue installations
  • Monitor GET requests to news_details.php, location_details.php (id parameter) and services.php (section parameter) for SQL injection payloads including SLEEP(), UNION SELECT, and boolean AND conditions
  • Flag HTTP requests containing SLEEP() time-based blind injection patterns in the id or section GET parameters
  • Look for sqlmap tamper=space2comment usage against services.php, indicated by comment-obfuscated whitespace in the section parameter
  • Exploitation was tested specifically against MySQL >= 5.0.12; time-based blind payloads using SLEEP() are MySQL-specific and may not apply to other DBMS backends
  • The vulnerability is confirmed only in version 1.3 of Boelter Blue System Management; other versions were not assessed
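As an added example (not code from the advisory or the vendor), the detection bullets above turned into a small access-log scanner: it inspects only the endpoint/parameter pairs named in the CVE text, undoes the space2comment whitespace obfuscation, and flags the three payload classes listed; the log lines and the 203.0.113.7 address are constructed sample data.

```python
# Added example, not part of the advisory: apply its detection guidance to
# web-server access logs. Endpoint/parameter names come from the CVE text;
# the log lines and client IP below are constructed sample data.
import re
from urllib.parse import parse_qs, urlsplit

# Injectable parameter per endpoint, as listed in the advisory.
WATCHED = {"news_details.php": "id", "location_details.php": "id",
           "services.php": "section"}
# One pattern per detection bullet: time-based SLEEP(), UNION SELECT,
# and boolean "AND n=n" conditions.
PATTERNS = {
    "time_based_sleep": re.compile(r"\bSLEEP\s*\(", re.I),
    "union_select": re.compile(r"\bUNION\b.*\bSELECT\b", re.I),
    "boolean_and": re.compile(r"\bAND\s+\d+\s*=\s*\d+", re.I),
}
# Request line inside a common/combined log format entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log: one benign request, three probes, one unrelated page.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2024:10:00:01 +0000] "GET /news_details.php?id=10071 HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2024:10:00:02 +0000] "GET /news_details.php?id=10071%20AND%204036%3D4036 HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2024:10:00:03 +0000] "GET /location_details.php?id=1%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(5)))x) HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2024:10:00:04 +0000] "GET /services.php?section=1/**/UNION/**/ALL/**/SELECT/**/NULL HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jun/2024:10:00:05 +0000] "GET /about.php?id=1%20AND%201%3D1 HTTP/1.1" 200 300
"""

def inspect_request(target):
    """Return (endpoint, param, pattern) hits for one request target."""
    parts = urlsplit(target)
    endpoint = parts.path.rsplit("/", 1)[-1]
    param = WATCHED.get(endpoint)
    if param is None:
        return []
    hits = []
    # parse_qs percent-decodes; then undo the space2comment tamper (/**/).
    for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        value = re.sub(r"/\*.*?\*/", " ", raw)
        hits += [(endpoint, param, name) for name, rx in PATTERNS.items()
                 if rx.search(value)]
    return hits

def scan_log(lines):
    """Map 1-based line number -> hits for every log line that fires."""
    found = ((n, LOG_RE.search(line)) for n, line in enumerate(lines, 1))
    hits = {n: inspect_request(m.group("target")) for n, m in found if m}
    return {n: h for n, h in hits.items() if h}
```

Run against real logs, `scan_log(open(path))` gives the lines worth pulling for triage; the pattern set is intentionally narrow to the payload classes the advisory names and should be widened per your WAF or SIEM rules.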