Security for everyone

CVE-2023-34755 Scanner

Detects the SQL injection vulnerability in bloofoxCMS v0.5.2.1 (CVE-2023-34755), which enables attackers to execute arbitrary SQL commands.


Short Info

Level: Critical
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Domain, IPv4
Toolbox: -

bloofoxCMS, a comprehensive content management system designed for creating and managing websites, is widely used for its user-friendly interface and flexible content management features. It offers various functionalities including content editing, user management, and template customization, making it suitable for both personal and professional web projects. Its open-source nature allows for community-driven improvements and customization, catering to a wide range of web development needs.

The CVE-2023-34755 vulnerability in bloofoxCMS v0.5.2.1 involves a critical SQL Injection flaw that could be exploited through the userid parameter in the admin panel. This vulnerability allows unauthenticated attackers to inject malicious SQL queries, compromising the database's integrity and security. It represents a significant security risk, leading to potential unauthorized access to sensitive information or even full control over the CMS.

Specifically, the vulnerability resides within the admin/index.php file, where the userid parameter lacks proper sanitization, making it susceptible to SQL injection. By crafting a malicious request to the user edit function (mode=user&action=edit), attackers can manipulate SQL queries executed by the CMS. This flaw exposes the system to various attacks, including data theft, modification, and in some cases, complete system compromise.
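From a detection standpoint, the two paragraphs above give a defender enough to watch access logs for: the endpoint is admin/index.php, the function is mode=user&action=edit, and the parameter is userid, which in normal use carries a numeric account id. The script below is an added example written for this page (not Security for Everyone's scanner and not bloofoxCMS code) that parses Common Log Format lines and flags requests to that function whose userid is anything other than a plain integer. The log lines are constructed samples; the assumptions that logs are in Common Log Format, that the CMS sits at the document root, and that a legitimate userid is always an integer are mine, not the page's. Note that it only sees query-string parameters, so a userid submitted in a POST body would need request-body logging or a WAF to catch.

```python
"""Flag anomalous userid values sent to the bloofoxCMS admin user-edit function
(admin/index.php?mode=user&action=edit) by scanning web server access logs.

Assumptions (not from the page): Common Log Format, CMS at the document root,
legitimate userid values are positive integers."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/index.php?mode=user&action=edit&userid=42 HTTP/1.1" 200 5120
203.0.113.11 - - [01/Jan/2024:10:00:07 +0000] "GET /admin/index.php?mode=user&action=edit&userid=42%27%20OR%201%3D1-- HTTP/1.1" 200 9876
203.0.113.12 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/index.php?mode=user&action=edit&userid=42abc HTTP/1.1" 200 5120
203.0.113.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?mode=content&page=about HTTP/1.1" 200 3000
203.0.113.14 - - [01/Jan/2024:10:00:15 +0000] "POST /admin/index.php?mode=user&action=edit HTTP/1.1" 302 0
this line is not in Common Log Format and is skipped
"""

# Common Log Format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
NUMERIC_ID = re.compile(r'^\d+$')


def parse_line(line):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def check_request(target):
    """Return a reason string if the request hits the user-edit function with a
    userid that is not a plain integer; otherwise return None."""
    parts = urlsplit(target)
    if not parts.path.endswith('/admin/index.php'):
        return None
    # parse_qs percent-decodes values, so the check runs on what the CMS would see.
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get('mode') != ['user'] or qs.get('action') != ['edit']:
        return None
    userids = qs.get('userid')
    if not userids:
        # userid may travel in a POST body, which this log format does not record.
        return None
    if len(userids) > 1:
        return 'multiple userid values'
    userid = userids[0]
    if not NUMERIC_ID.match(userid):
        return f'non-numeric userid {userid!r}'
    return None


def scan_log(text):
    """Scan log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = check_request(rec['target'])
        if reason:
            findings.append({'ip': rec['ip'], 'ts': rec['ts'],
                             'status': rec['status'], 'reason': reason})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']}: {f['reason']}")
```

The integer check is deliberately an allow-list rather than a signature list: any value that is not a bare number is worth a look, whether it is an injection attempt or a broken client, and it does not need updating as payload encodings change. For response-side confirmation, a 200 with an unusually large body on a flagged request (the second sample line) is the kind of pairing worth alerting on.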

Exploitation of this SQL Injection vulnerability could lead to severe consequences, including unauthorized access to sensitive data, database manipulation, and potentially taking control of the CMS. Such a breach could result in data loss, privacy violations, and a significant impact on the organization's reputation and trustworthiness.

Security for Everyone's platform offers a proactive approach to identifying and mitigating vulnerabilities like CVE-2023-34755 in bloofoxCMS. Our comprehensive Cyber Threat Exposure Management service helps users detect and address security flaws before they can be exploited. By leveraging our scanning and remediation guidance, members can significantly enhance their security posture, protect digital assets, and maintain trust with their users.
