CVE-2023-33584
CVE-2023-33584
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlunverifiedcve_referencepacketstormsecurity.com/files/cve/CVE-2023-33584unverifiedcve_referencewww.exploit-db.com/exploits/51501unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlhttps://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.mdhttps://packetstormsecurity.com/files/cve/CVE-2023-33584https://www.exploit-db.com/exploits/51501https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html