CVE-2023-1545

7.5 HIGH

📋 TL;DR

This CVE describes an SQL injection vulnerability in TeamPass password manager software versions prior to 3.0.0.23. Attackers can inject malicious SQL queries through user inputs, potentially accessing or manipulating the password database. All users running affected TeamPass versions are at risk.

💻 Affected Systems

Products:
  • TeamPass
Versions: All versions prior to 3.0.0.23
Operating Systems: Any OS running TeamPass (typically Linux)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all TeamPass installations regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the password database, allowing attackers to exfiltrate all stored credentials, modify or delete passwords, and potentially gain administrative access to the TeamPass instance.

🟠 Likely Case

Unauthorized access to sensitive password data, credential theft, and potential lateral movement to other systems using stolen credentials.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are commonly exploited; proof-of-concept details are available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.0.23 and later

Vendor Advisory: https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66

Restart Required: No

Instructions:

1. Back up your TeamPass database and configuration.
2. Update TeamPass to version 3.0.0.23 or later via git pull or manual update.
3. Verify the fix by checking the version and testing functionality.

🔧 Temporary Workarounds

Input Validation Enhancement

Implement additional input validation and sanitization for user inputs in TeamPass.

Web Application Firewall

Deploy a WAF with SQL injection protection rules to block malicious requests.

🧯 If You Can't Patch

  • Implement strict input validation and parameterized queries in custom code
  • Restrict network access to TeamPass instance and implement strong authentication controls

🔍 How to Verify

Check if Vulnerable:

Check the TeamPass version in the administration panel or by examining the source files; versions below 3.0.0.23 are vulnerable.

Check Version:

Check the TeamPass admin panel or view includes/config.php for version information.

Verify Fix Applied:

Confirm the version is 3.0.0.23 or later and test that SQL injection attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts or unusual user activity

Network Indicators:

  • SQL injection patterns in HTTP requests to TeamPass endpoints

SIEM Query:

source="web_server" AND (url="*teampass*" AND (method="POST" OR method="GET") AND (content="' OR '1'='1" OR content="UNION SELECT"))
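
A log-side version of the SIEM query above, as an added example that is not part of the original advisory or of TeamPass: it looks for the same two patterns in GET/POST request lines to TeamPass URLs, but percent-decodes the target and ignores case first, which the literal string match does not. The log lines, paths and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The two patterns from the SIEM query, tolerant of case and spacing.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
    re.compile(r"union\s+(all\s+)?select", re.IGNORECASE),
]
# Request field of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(GET|POST) (\S+) HTTP/[\d.]+"')


def normalize(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded input is matched too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def flag_line(line: str) -> bool:
    """True for a GET/POST to a TeamPass URL whose target matches a pattern."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    target = normalize(m.group(2))
    if "teampass" not in target.lower():
        return False
    return any(p.search(target) for p in SQLI_PATTERNS)


def scan(lines):
    """Return the indexes of the lines that should be reviewed."""
    return [i for i, line in enumerate(lines) if flag_line(line)]


# Constructed sample lines (hypothetical path "example.php" and parameters).
PFX = '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
SAMPLE_LOG = [
    PFX + '"GET /teampass/example.php?id=5 HTTP/1.1" 200 512',
    PFX + '"GET /teampass/example.php?q=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    PFX + '"POST /teampass/example.php?q=1+uNiOn+SeLeCt+1 HTTP/1.1" 200 512',
    PFX + '"GET /teampass/example.php?q=%2527%2520or%2520%25271%2527%253D%25271 HTTP/1.1" 200 512',
    PFX + '"GET /other/app.php?q=1+UNION+SELECT+1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Access logs in the common/combined format record only the request line, so input sent in POST bodies is not visible to this check.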
