Lucene search

MitreCVE-2023-33584

HistoryJun 21, 2023 - 1:15 p.m.

CVE-2023-33584

2023-06-2113:15:10

CWE-89

mitre

web.nvd.nist.gov

cwe-89

cve-2023-33584

sql injection

sourcecodester enrollment system project

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.

Affected configurations

Nvd

Node

enrollment_system_projectenrollment_systemMatch1.0

VendorProductVersionCPE
enrollment_system_projectenrollment_system1.0cpe:2.3:a:enrollment_system_project:enrollment_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enrollment_system_project	enrollment_system	1.0	cpe:2.3:a:enrollment_system_project:enrollment_system:1.0:::::::*

References

packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.html

github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.md

packetstormsecurity.com/files/cve/CVE-2023-33584

www.exploit-db.com/exploits/51501

www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

Related for CVE-2023-33584