CVE-2023-50035
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.
PHPGurukul Small CRM 3.0 es vulnerable a la inyección SQL en el panel de inicio de sesión de los usuarios debido a que el parámetro "password" se usa directamente en la consulta SQL sin ninguna sanitización y sin que se ejecute el payload de la inyección SQL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-04 CVE Reserved
- 2023-12-29 CVE Published
- 2024-01-06 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/hackerhijeck/Exploited/blob/main/Small_CRM/SQL-Injection.md | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Small Crm Project Search vendor "Small Crm Project" | Small Crm Search vendor "Small Crm Project" for product "Small Crm" | 3.0 Search vendor "Small Crm Project" for product "Small Crm" and version "3.0" | - |
Affected
| ||||||