CVE-2023-23162

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Art Gallery Management System v1.0 allows attackers to execute arbitrary SQL commands via the cid parameter in product.php. This can lead to data theft, authentication bypass, or complete system compromise. Anyone running this specific version of the software is affected.

💻 Affected Systems

Products:
  • Art Gallery Management System Project
Versions: v1.0
Operating Systems: Any OS running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific version from PHPGurukul; other versions may also be vulnerable if they use similar code.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data exfiltration, authentication bypass, privilege escalation, and potential remote code execution if database permissions allow.

🟠 Likely Case

Unauthorized data access, modification, or deletion of gallery content, user data, and potentially administrative credentials.

🟢 If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists on Packet Storm Security and GitHub; exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Replace the vulnerable product.php with a version that uses parameterized queries, or migrate to supported software.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Add input validation to sanitize the cid parameter before processing.

Modify product.php to validate cid as an integer: if(!is_numeric($_GET['cid'])) { die('Invalid input'); } Note that is_numeric() also accepts floats and exponent notation such as 1e3, so cast the value with (int) before using it in the query (or validate it with filter_var() and FILTER_VALIDATE_INT); this check limits exposure but is not a substitute for parameterized queries.

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns in requests.

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only.
  • Implement strict network segmentation and monitor all database queries for anomalies.

🔍 How to Verify

Check if Vulnerable:

Test product.php with a malicious cid parameter (e.g., product.php?cid=1' OR '1'='1) and check for SQL errors or unexpected behavior.

Check Version:

Check the project files or documentation for a version 1.0 reference; there is no built-in version command.

Verify Fix Applied:

After applying workarounds, retest with the same malicious inputs; the page should return an error or a sanitized response, with no SQL executed from the injected input.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL error messages in web server logs
  • Multiple rapid requests to product.php with varying cid parameters
  • Database queries containing SQL keywords from web input

Network Indicators:

  • HTTP requests to product.php with SQL injection patterns in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="*product.php*" AND (param="*cid=*'*" OR param="*cid=*%27*")
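As an added example (not part of this advisory), the log indicators and SIEM query above expressed as a small Python checker over constructed Apache-style log lines: it URL-decodes the cid value so the raw-quote and %27 forms are caught the same way, flags any product.php request whose cid is not a plain integer, and counts per-IP request bursts to product.php. The log format, paths and addresses are assumptions.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined-log style; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2023:10:00:01 +0000] "GET /artgallery/product.php?cid=3 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Jan/2023:10:00:02 +0000] "GET /artgallery/product.php?cid=1'%20OR%20'1'='1 HTTP/1.1" 200 9870
203.0.113.9 - - [10/Jan/2023:10:00:02 +0000] "GET /artgallery/product.php?cid=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9870
203.0.113.9 - - [10/Jan/2023:10:00:03 +0000] "GET /artgallery/product.php?cid=5 HTTP/1.1" 200 5120
203.0.113.5 - - [10/Jan/2023:10:00:05 +0000] "GET /artgallery/index.php HTTP/1.1" 200 4000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+$'
)
INT_RE = re.compile(r"-?\d+")


def cid_is_suspicious(cid_value: str) -> bool:
    """cid is only ever a row id, so any decoded value that is not a plain
    integer is treated as a probe (covers both the ' and %27 forms)."""
    return INT_RE.fullmatch(cid_value.strip()) is None


def analyze_log(text: str, burst_threshold: int = 3) -> dict:
    """Return suspicious product.php requests and per-IP request bursts."""
    suspicious = []
    per_ip = Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["uri"])
        if not parts.path.endswith("/product.php"):
            continue
        per_ip[m["ip"]] += 1
        # parse_qs percent-decodes, so 1%27 and 1' are checked the same way
        for cid in parse_qs(parts.query, keep_blank_values=True).get("cid", []):
            if cid_is_suspicious(cid):
                suspicious.append((m["ip"], m["ts"], cid))
    bursts = {ip: n for ip, n in per_ip.items() if n >= burst_threshold}
    return {"suspicious": suspicious, "bursts": bursts}


if __name__ == "__main__":
    report = analyze_log(SAMPLE_LOG)
    for ip, ts, cid in report["suspicious"]:
        print(f"[{ts}] {ip} sent non-integer cid: {cid!r}")
    for ip, n in report["bursts"].items():
        print(f"{ip} made {n} product.php requests in the sample window")
```

Point it at a real access log with `analyze_log(open(path).read())`; a 500 status on flagged lines corresponds to the "unusual SQL error messages" indicator above.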
