CVE-2023-34756 Scanner
Detects 'SQL Injection' vulnerability in Bloofox affects v. 0.5.2.1.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Domain, Ipv4
Toolbox
-
Bloofox CMS is an open-source content management system designed for the easy creation and management of websites. It caters to both individual and business needs, providing tools for website development without requiring in-depth programming knowledge. Bloofox is utilized for its user-friendly interface and flexible customization options, making it suitable for various types of web projects.
The CVE-2023-34756 vulnerability in Bloofox v0.5.2.1 is a critical SQL Injection flaw that allows attackers to execute arbitrary SQL commands through the cid parameter in the charset editing functionality of the admin panel. This security flaw poses a significant risk as it can lead to unauthorized access, data leakage, and even full system compromise.
The vulnerability is present in the admin/index.php file when accessing the charset edit page (mode=settings&page=charset&action=edit). Due to insufficient validation of user input for the cid parameter, attackers can inject malicious SQL statements, compromising the database integrity and bypassing authentication mechanisms.
Exploitation of this vulnerability can lead to unauthorized data access, manipulation of database entries, disclosure of sensitive information, and potentially, control over the affected CMS. This could have severe implications for data confidentiality, website integrity, and user trust.
By leveraging S4E's advanced scanning capabilities, users can identify vulnerabilities like CVE-2023-34756 in Bloofox CMS early on. Our platform provides detailed insights and remediation guidelines to help secure your digital assets against potential threats, enhancing overall security posture and compliance.
References