QwikSec

Security Database

CVE

CWE

Training

CVE-2024-36840

Published: Jun 12, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/

https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US

20240609 SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)

mailing-list

https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html

https://sploitus.com/exploit?id=PACKETSTORM:178978

https://vuldb.com/?id.267594

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.