{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42084?format=json","vulnerability_id":"VCID-1hn3-t5qx-kqd9","summary":"SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.","aliases":[{"alias":"CVE-2024-36840"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"http://seclists.org/fulldisclosure/2024/Jun/0","reference_id":"0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-12T16:49:16Z/"}],"url":"http://seclists.org/fulldisclosure/2024/Jun/0"},{"reference_url":"https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html","reference_id":"Boelter-Blue-System-Management-1.3-SQL-Injection.html","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-12T16:49:16Z/"}],"url":"https://packetstormsecurity.com/files/178978/Boelter-Blue-System-Management-1.3-SQL-Injection.html"},{"reference_url":"https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US","reference_id":"details?id=com.anchor5digital.anchor5adminapp&hl=en_US","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-12T16:49:16Z/"}],"url":"https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US"},{"reference_url":"https://sploitus.com/exploit?id=PACKETSTORM:178978","reference_id":"exploit?id=PACKETSTORM:178978","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-12T16:49:16Z/"}],"url":"https://sploitus.com/exploit?id=PACKETSTORM:178978"},{"reference_url":"https://vuldb.com/?id.267594","reference_id":"?id.267594","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-12T16:49:16Z/"}],"url":"https://vuldb.com/?id.267594"},{"reference_url":"https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/","reference_id":"vuln_boelter_blue","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-06-12T16:49:16Z/"}],"url":"https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/"}],"weaknesses":[],"exploits":[],"severity_range_score":"9.1 - 9.1","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1hn3-t5qx-kqd9"}