← back
CVE-2023-33584

CVE-2023-33584

CVSS 9.8 CRITICALEPSS 14.2%CWE-89
Vexday Risk Score
53Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.8EPSS 14.2%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
21 Jun 2023Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/cve/CVE-2023-33584unverifiedcve_referencewww.exploit-db.com/exploits/51501unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlhttps://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.mdhttps://packetstormsecurity.com/files/cve/CVE-2023-33584https://www.exploit-db.com/exploits/51501https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html