CVE-2023-34754

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jun 14, 2023

Updated: Jun 17, 2023

CWE ID 89

Summary

CVE-2023-34754 is a vulnerability affecting bloofox version 0.5.2.1. An attacker can exploit this SQL injection flaw by manipulating the pid parameter in admin/index.php?mode=settings&page=plugins&action=edit. Successful exploitation could grant unauthorized access to sensitive data or enable remote code execution, posing a significant risk to affected systems. Users are strongly advised to update to the latest version of bloofox to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ro2o1L
https://www.cve.org/CVERecord?id=CVE-2023-34754
https://nvd.nist.gov/vuln/detail/CVE-2023-34754

Back to Vulnerability Database

CVE-2023-34754

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations