CVE-2023-33762

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in eMedia Consulting simpleRedak allows attackers to execute arbitrary SQL commands via the Activity parameter. Affected systems include all installations of simpleRedak up to version 2.47.23.05, potentially leading to data theft, modification, or complete system compromise.

💻 Affected Systems

Products:
  • eMedia Consulting simpleRedak
Versions: Up to v2.47.23.05
Operating Systems: Any OS running simpleRedak
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using vulnerable versions are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data exfiltration, privilege escalation, remote code execution, and full system takeover.

🟠 Likely Case

Unauthorized data access, data manipulation, and potential authentication bypass leading to administrative access.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via the Activity parameter requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.47.23.06 or later

Vendor Advisory: https://github.com/rauschecker/CVEs/tree/main/CVE-2023-33762

Restart Required: Yes

Instructions:

1. Back up the database and configuration.
2. Download the latest version from the vendor.
3. Install the update following the vendor's instructions.
4. Restart application services.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation for the Activity parameter to block SQL injection attempts:

  • Implement parameterized queries in application code
  • Add input sanitization for the Activity parameter

WAF Rule

all

Deploy web application firewall rules to block SQL injection patterns.

ModSecurity rule: SecRule ARGS:Activity "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Isolate vulnerable system behind firewall with strict network access controls
  • Implement database-level protections: minimal privileges, query logging, and intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check the application version in the admin panel or configuration files. If the version is 2.47.23.05 or earlier, the system is vulnerable.

Check Version:

Check the admin panel or configuration files for version information.

Verify Fix Applied:

Verify that the version is 2.47.23.06 or later. Test the Activity parameter with SQL injection test payloads to confirm protection.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts via Activity parameter
  • Suspicious Activity parameter values in web logs

Network Indicators:

  • SQL keywords in HTTP requests to Activity parameter
  • Unusual database connection patterns
  • Excessive error responses

SIEM Query:

source="web_logs" AND (Activity CONTAINS "UNION" OR Activity CONTAINS "SELECT" OR Activity CONTAINS "INSERT" OR Activity CONTAINS "DELETE")
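The SIEM query above matches keywords in the raw log text, so it misses percent-encoded or mixed-case payloads. The following added example (not part of this advisory or of simpleRedak) applies the same keyword list to the URL-decoded Activity value of constructed access-log lines; the log format, paths and addresses are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Keyword list mirrors the SIEM query above; the regex adds the usual
# tautology and comment tells and is applied case-insensitively to the
# decoded value, which a raw CONTAINS query on the log text would miss.
SQL_PATTERN = re.compile(
    r"\b(UNION|SELECT|INSERT|DELETE|UPDATE|DROP)\b"
    r"|(--|/\*)"
    r"|('\s*(OR|AND)\s+[\w']+\s*=\s*[\w']+)",
    re.IGNORECASE,
)

# Combined log format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def activity_values(target: str) -> list[str]:
    """Return every decoded value of the Activity parameter in a request target."""
    query = urlsplit(target).query
    # parse_qs percent-decodes and turns '+' into space, as the application would
    return parse_qs(query, keep_blank_values=True).get("Activity", [])

def suspicious_activity(line: str):
    """Return (ip, decoded_value) when a line carries a suspicious Activity value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    for value in activity_values(m.group("target")):
        if SQL_PATTERN.search(value):
            return (m.group("ip"), value)
    return None

def scan(lines):
    """Run the check over an iterable of log lines and collect the hits."""
    return [hit for hit in map(suspicious_activity, lines) if hit]

# Constructed sample lines (hypothetical hosts and paths, not taken from simpleRedak).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jun/2023:10:01:02 +0000] "GET /index.php?Activity=12 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [12/Jun/2023:10:01:09 +0000] "GET /index.php?Activity=12%27%20or%201%3D1--%20 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Jun/2023:10:02:15 +0000] "GET /index.php?Activity=1+union+select+1,2,3 HTTP/1.1" 500 310',
    '203.0.113.7 - - [12/Jun/2023:10:02:40 +0000] "GET /index.php?page=select-plan HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"suspicious Activity value from {ip}: {value!r}")
```

Note that the last sample line contains the word "select" in another parameter and is not flagged, because only the Activity value is inspected.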
