CVE-2023-33584
CVE-2023-33584
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
cve_referencepacketstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlno verificadocve_referencepacketstormsecurity.com/files/cve/CVE-2023-33584no verificadocve_referencewww.exploit-db.com/exploits/51501no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.htmlhttps://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.mdhttps://packetstormsecurity.com/files/cve/CVE-2023-33584https://www.exploit-db.com/exploits/51501https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html