CVE-2023-33584
CVE-2023-33584
Vexday Risk Score
53Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.8EPSS 14.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Ciclo de vida
21 jun 2023Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlno verificadocve_referencepacketstormsecurity.com/files/cve/CVE-2023-33584no verificadocve_referencewww.exploit-db.com/exploits/51501no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlhttps://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.mdhttps://packetstormsecurity.com/files/cve/CVE-2023-33584https://www.exploit-db.com/exploits/51501https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html