CVE-2023-1964

Severity: 7.3 HIGH

📋 TL;DR

This SQL injection vulnerability in PHPGurukul Bank Locker Management System 1.0 allows attackers to manipulate database queries through the password recovery function (recovery.php). Remote, unauthenticated attackers can potentially read, modify, or delete sensitive banking data. All installations of version 1.0 are affected.

💻 Affected Systems

Products:
  • PHPGurukul Bank Locker Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations with default configuration. The vulnerability is in the core password reset functionality.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise including customer PII, financial records, and administrative credentials, leading to data theft, financial fraud, and system takeover.

🟠 Likely Case: Unauthorized access to sensitive customer data, potential credential theft, and database manipulation affecting locker management operations.

🟢 If Mitigated: Limited impact with proper input validation and database permissions; potentially only error messages or limited data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit documentation exists showing SQL injection via uname/mobile parameters in recovery.php. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch is available. Consider replacing the software with a maintained alternative, or apply a custom fix that uses parameterized queries.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Add strict input validation and parameterized queries to recovery.php: edit recovery.php to replace raw SQL with prepared statements using mysqli or PDO.
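The advisory does not reproduce the vulnerable code, so the following is an added example rather than PHPGurukul's own recovery.php: it shows the raw string-concatenation pattern the advisory describes next to a hardened version built on mysqli prepared statements, with allow-list validation of the uname and mobile parameters as defence in depth. The table and column names (tbluser, id, Username, MobileNumber, Password), the newpassword field, the input policy and the database credentials are all assumptions for illustration.

```php
<?php
// Added example, not PHPGurukul's code: a hardened password-recovery flow for
// recovery.php using mysqli prepared statements. Schema names, the newpassword
// field and the input policy are assumptions; adapt them to the real application.

declare(strict_types=1);

// Make mysqli throw on errors so failures are logged server-side, never echoed to the client.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Illustrative vulnerable pattern: request values are spliced into the SQL text,
 * so whatever the user submits is parsed as part of the query. Kept only for contrast.
 */
function findUserUnsafe(mysqli $db, string $uname, string $mobile): ?array
{
    $sql = "SELECT id FROM tbluser WHERE Username='$uname' AND MobileNumber='$mobile'";
    return $db->query($sql)->fetch_assoc() ?: null;
}

/** Allow-list validation of the two recovery parameters; returns null on bad input. */
function validateRecoveryInput(array $post): ?array
{
    $uname  = trim((string)($post['uname'] ?? ''));
    $mobile = trim((string)($post['mobile'] ?? ''));
    // Assumed policy: 3-32 word characters for the username, 10-15 digits for the mobile number.
    if (!preg_match('/^\w{3,32}$/', $uname) || !preg_match('/^\d{10,15}$/', $mobile)) {
        return null;
    }
    return ['uname' => $uname, 'mobile' => $mobile];
}

/** Hardened lookup: placeholders plus bind_param keep user input out of the SQL grammar. */
function findUserSafe(mysqli $db, string $uname, string $mobile): ?array
{
    $stmt = $db->prepare('SELECT id FROM tbluser WHERE Username = ? AND MobileNumber = ?');
    $stmt->bind_param('ss', $uname, $mobile);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs the mysqlnd driver
    $stmt->close();
    return $row ?: null;
}

/** Stores the new password as a salted hash, again through a prepared statement. */
function setPassword(mysqli $db, int $userId, string $newPassword): bool
{
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE tbluser SET Password = ? WHERE id = ?');
    $stmt->bind_param('si', $hash, $userId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Request handling for recovery.php (connection credentials are placeholders).
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $input       = validateRecoveryInput($_POST);
    $newPassword = (string)($_POST['newpassword'] ?? '');
    if ($input === null || strlen($newPassword) < 8) {
        http_response_code(400);
        exit('Invalid input.');
    }
    try {
        $db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
        $db->set_charset('utf8mb4');
        $user = findUserSafe($db, $input['uname'], $input['mobile']);
        if ($user !== null) {
            setPassword($db, (int)$user['id'], $newPassword);
        }
        // Same response whether or not the details matched, to avoid account enumeration.
        exit('If the details match an account, the password has been reset.');
    } catch (mysqli_sql_exception $e) {
        error_log('recovery.php: ' . $e->getMessage());   // log the SQL error, never display it
        http_response_code(500);
        exit('Temporary error, please try again later.');
    }
}
```

The defence is the separation of query text from data in findUserSafe and setPassword; the validation step only narrows the input space and would not be sufficient on its own. A PDO version is the same shape: `$pdo->prepare(...)` followed by `execute([$uname, $mobile])`, ideally with `PDO::ATTR_EMULATE_PREPARES` set to false so the server, not the driver, does the binding. Logging rather than displaying database errors also removes the "unusual SQL errors" signal an attacker would otherwise see in the response.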

WAF Rule Implementation (applies to: all)

Deploy web application firewall rules to block SQL injection patterns: add a WAF rule that detects and blocks SQL injection patterns in POST parameters.

🧯 If You Can't Patch

  • Isolate the system behind a firewall with strict access controls
  • Implement network segmentation and monitor all traffic to/from the vulnerable system

🔍 How to Verify

Check if Vulnerable:

Test recovery.php with SQL injection payloads in uname or mobile parameters

Check Version:

Check system documentation or configuration files for version information

Verify Fix Applied:

Verify that parameterized queries are implemented and SQL injection attempts return errors or are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed password recovery attempts with SQL syntax in parameters

Network Indicators:

  • SQL keywords in POST requests to recovery.php
  • Unusual database query patterns

SIEM Query (pseudo-syntax; adapt it to your SIEM's query language and make the keyword match case-insensitive):

source="web_logs" AND uri="/recovery.php" AND (request_body CONTAINS "UNION" OR request_body CONTAINS "SELECT" OR request_body CONTAINS "INSERT")
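As an added example that is not part of the advisory, the following PHP script applies the same idea as the SIEM query to constructed JSON-lines web-log records, with the refinements a production rule needs: the request body is URL-decoded before matching, keywords are matched case-insensitively and as whole words, and a per-IP counter covers the "multiple password recovery attempts" indicator. The log format, the field names, the addresses and the threshold are assumptions.

```php
<?php
// Added example, not part of the advisory: scan web-log records for the
// indicators listed above. The JSON-lines log format, the addresses and the
// threshold are constructed assumptions for this illustration.

declare(strict_types=1);

const RECOVERY_URI   = '/recovery.php';
// Whole-word SQL keywords (case-insensitive) plus the two common SQL comment openers.
const SQL_PATTERN_RE = '/\b(union|select|insert|update|delete)\b|--|\/\*/i';

/**
 * Returns alert strings for POST requests to recovery.php whose uname/mobile
 * values contain SQL syntax, plus one alert per source IP that sent at least
 * $threshold recovery POSTs in the scanned records.
 */
function scanRecoveryLogs(array $lines, int $threshold = 3): array
{
    $alerts     = [];
    $postsPerIp = [];
    foreach ($lines as $i => $line) {
        $rec = json_decode($line, true);
        if (!is_array($rec) || ($rec['method'] ?? '') !== 'POST' || ($rec['uri'] ?? '') !== RECOVERY_URI) {
            continue;   // only POSTs to the recovery endpoint are of interest
        }
        $ip = (string)($rec['ip'] ?? 'unknown');
        $postsPerIp[$ip] = ($postsPerIp[$ip] ?? 0) + 1;

        // parse_str URL-decodes the body, so percent-encoded or '+'-spaced input is matched as plain text.
        parse_str((string)($rec['body'] ?? ''), $params);
        foreach (['uname', 'mobile'] as $name) {
            $value = (string)($params[$name] ?? '');
            if ($value !== '' && preg_match(SQL_PATTERN_RE, $value)) {
                $alerts[] = sprintf('record %d: SQL syntax in parameter "%s" from %s', $i + 1, $name, $ip);
            }
        }
    }
    foreach ($postsPerIp as $ip => $count) {
        if ($count >= $threshold) {
            $alerts[] = sprintf('%s sent %d recovery POSTs (threshold %d)', $ip, $count, $threshold);
        }
    }
    return $alerts;
}

// Constructed sample records (RFC 5737 documentation addresses).
$sampleLog = [
    '{"ip":"203.0.113.5","method":"POST","uri":"/recovery.php","body":"uname=alice&mobile=9876543210"}',
    '{"ip":"198.51.100.9","method":"POST","uri":"/recovery.php","body":"uname=union+select+x&mobile=0"}',
    '{"ip":"198.51.100.9","method":"POST","uri":"/recovery.php","body":"uname=bob&mobile=1--"}',
    '{"ip":"198.51.100.9","method":"POST","uri":"/recovery.php","body":"uname=selector&mobile=123"}',
    '{"ip":"203.0.113.5","method":"GET","uri":"/recovery.php","body":""}',
];

foreach (scanRecoveryLogs($sampleLog) as $alert) {
    echo $alert, PHP_EOL;
}
```

On the sample records the second and third POSTs are flagged (a keyword in uname, a comment opener in mobile), the username "selector" is not, because the `\b` boundaries require a whole word, the GET request is ignored, and 198.51.100.9 trips the per-IP threshold. Plain substring matching, as in the pseudo-query above, would flag "selector" and miss lowercase or percent-encoded keywords; whole-word, case-insensitive matching on the decoded value is the usual compromise between noise and coverage.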
