CVE-2023-33584

high-risk
Published 2023-06-21

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.

Do I need to act?

!
30.7% chance of exploitation in next 30 days
EPSS score — higher than 69% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51501
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Enrollment System Project

References (10)

Exploit http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authen...
https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.md
Third Party Advisory https://packetstormsecurity.com/files/cve/CVE-2023-33584
https://www.exploit-db.com/exploits/51501
Product https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-u...
Exploit http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authen...
https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.md
Third Party Advisory https://packetstormsecurity.com/files/cve/CVE-2023-33584
https://www.exploit-db.com/exploits/51501
Product https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-u...
60
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 23/34 · High
Exposure 5/34 · Minimal