SQL Injection Vulnerability in bloofox by PHPcodecms
CVE-2023-29597

8.8HIGH

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 13 April 2023

What is CVE-2023-29597?

A SQL injection vulnerability was identified in bloofox v0.5.2, specifically through the /index.php component. This flaw allows an attacker to manipulate SQL queries by inserting malicious code, potentially compromising the integrity and confidentiality of the database information. It is crucial for users of bloofox to implement security measures and update their versions to mitigate this risk.

References

https://github.com/jspring996/PHPcodecms/issues/2

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2023
Vulnerability Reserved
Apr 7, 2023

CVE-2023-29597 Data

JSON

Bloofox

What is CVE-2023-29597?

References

CVSS V3.1

Timeline