Login Sign Up

CVE-2023-41623

7.2 HIGH
SQL Injection

📋 TL;DR

Emlog Pro version 2.1.14 contains a SQL injection vulnerability in the uid parameter at /admin/media.php. This allows attackers to execute arbitrary SQL commands on the database. Only administrators who can access the admin interface are directly affected, but successful exploitation could lead to broader system compromise.

💻 Affected Systems

Products:
  • Emlog Pro
Versions: 2.1.14
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to reach /admin/media.php endpoint. The vulnerability is in the backend admin interface.

📦 What is this software?

Emlog by Emlog

View all CVEs affecting Emlog →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data theft, privilege escalation, remote code execution, or complete system takeover.

🟠

Likely Case

Unauthorized data access, modification, or deletion from the database, potentially including user credentials and sensitive content.

🟢

If Mitigated

Limited impact with proper input validation, parameterized queries, and database permissions restricting damage to non-critical data.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection via uid parameter is well-understood attack vector. Public proof-of-concept exists in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Check Emlog website for security updates. 2. If patch available, download and apply according to vendor instructions. 3. Verify fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation to sanitize uid parameter before processing

Modify /admin/media.php to validate uid parameter as integer using is_numeric() or similar function

WAF Rule

all

Implement web application firewall rules to block SQL injection patterns

Add WAF rule to detect and block SQL injection attempts on uid parameter

🧯 If You Can't Patch

  • Restrict access to /admin/media.php endpoint using IP whitelisting or authentication requirements
  • Implement database-level protections: use least privilege accounts, enable query logging, and regular backups

🔍 How to Verify

Check if Vulnerable:

Test /admin/media.php endpoint with SQL injection payloads in uid parameter (e.g., uid=1' OR '1'='1)

Check Version:

Check Emlog version in admin dashboard or configuration files

Verify Fix Applied:

Test the same SQL injection payloads after applying fixes to confirm they are blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by admin access
  • Suspicious patterns in uid parameter values

Network Indicators:

  • HTTP requests to /admin/media.php with SQL keywords in parameters
  • Unusual database connection patterns from web server

SIEM Query:

source="web_logs" AND uri="/admin/media.php" AND (param="uid" AND value MATCH "'|OR|UNION|SELECT")

📊 Metadata

CVE ID: CVE-2023-41623
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-89
Published: December 12, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41623, you might also want to check these:

CVE-2024-8522 10.0

This vulnerability allows unauthenticated attackers to perform SQL injection attacks on WordPress si...

Same vulnerability type (CWE-89)
CVE-2024-13152 10.0

This SQL injection vulnerability in BSS Software's Mobuy Online Machinery Monitoring Panel allows at...

Same vulnerability type (CWE-89)
CVE-2021-42311 10.0

CVE-2021-42311 is a critical SQL injection vulnerability in Microsoft Defender for IoT that allows r...

Same vulnerability type (CWE-89)