CVE-2023-53975
CVE-2023-53975
9.3
CriticalPublished:
Last updated:
Source:disclosure@vulncheck.com
Modified
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- Low
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.
References
disclosure@vulncheck.com
https://github.com/thedigicraft/Atom.CMSdisclosure@vulncheck.com
https://www.exploit-db.com/exploits/51086disclosure@vulncheck.com
https://www.vulncheck.com/advisories/atom-cms-unauthenticated-sql-injection-via-admin-index-page