SQL Injection Vulnerability in Bloofox Web Application by Vendor Bloofox
CVE-2023-34751

9.8CRITICAL

Key Information:

Vendor: Bloofox
Status: Bloofoxcms
Vendor: CVE Published:; 14 June 2023

What is CVE-2023-34751?

Bloofox v0.5.2.1 has been found to be susceptible to SQL injection, specifically through the gid parameter when accessed via admin/index.php?mode=user&page=groups&action=edit. This vulnerability can potentially allow attackers to manipulate database queries, leading to unauthorized access or data leaks within the application.

References

https://ndmcyb.hashnode.dev/bloofox-v0521-was-discovered-...

EPSS Score

33% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Jun 7, 2023

CVE-2023-34751 Data

JSON