NVD:CVE-2023-50035
Dec 29, 2023 - 9:15 p.m.

CVE-2023-50035

2023-12-29 21:15:08
CWE-89
web.nvd.nist.gov
3
cve
phpgurukul
sql injection
users login panel
sanitization

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 33.0%

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the “password” parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed.

Affected configurations

Nvd
Node: small_crm_project small_crm, Match 3.0
Vendor: small_crm_project
Product: small_crm
Version: 3.0
CPE: cpe:2.3:a:small_crm_project:small_crm:3.0:*:*:*:*:*:*:*
