CVE-2024-36840

CRITICAL

Boelter Blue System Management <1.3 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-36840. PoCs published by theexploiters.

AI-analyzed exploit summary

This repository provides a detailed technical analysis of CVE-2024-36840, a SQL injection vulnerability in Boelter Blue System Management (version 1.3). It includes specific payloads, vulnerable endpoints, and exploitation examples using sqlmap.

Description

SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to execute arbitrary code and obtain sensitive information via the id parameter to news_details.php and location_details.php; and the section parameter to services.php.

Exploits (1)

nomisec WRITEUP 2 stars
by theexploiters · poc
https://github.com/theexploiters/CVE-2024-36840-Exploit


Classification
Writeup 90%
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target: Boelter Blue System Management version 1.3
No auth needed
Prerequisites: Access to vulnerable endpoints · sqlmap or similar tool for exploitation
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.1
EPSS 0.0224
EPSS Percentile 80.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Published Jun 12, 2024
Tracked Since Feb 18, 2026