CVE-2023-33584

Опубликовано: 21 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.

Ссылки

http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.md
https://packetstormsecurity.com/files/cve/CVE-2023-33584
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/51501
https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html
Product
http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.md
https://packetstormsecurity.com/files/cve/CVE-2023-33584
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/51501
https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:enrollment_system_project:enrollment_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.30651

Средний

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-8wqh-3wxx-4342