Login Sign Up

CVE-2023-42454

10.0 CRITICAL

📋 TL;DR

This vulnerability in SQLpage allows attackers to retrieve database connection strings from publicly exposed instances, potentially gaining direct access to databases. It affects SQLpage versions before 0.11.1 when specific configuration conditions are met. Users with publicly exposed SQLpage instances storing database credentials in configuration files are at risk.

💻 Affected Systems

Products:
  • SQLpage
Versions: All versions prior to 0.11.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires all conditions: public exposure, database connection string in sqlpage.json, web_root as current directory, and publicly exposed database.

📦 What is this software?

Sqlpage by Lovasoa

View all CVEs affecting Sqlpage →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full database compromise including data theft, modification, or deletion, and potential lateral movement to other systems.

🟠

Likely Case

Database credential exposure leading to unauthorized data access and potential data exfiltration.

🟢

If Mitigated

No impact if database is not publicly exposed and credentials are stored securely.

🌐 Internet-Facing: HIGH - Publicly exposed instances with vulnerable configurations can be exploited remotely.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable if attackers gain network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires specific configuration conditions but is straightforward when present.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.11.1

Vendor Advisory: https://github.com/lovasoa/SQLpage/security/advisories/GHSA-v5wf-jg37-r9m5

Restart Required: Yes

Instructions:

1. Backup current configuration. 2. Update SQLpage to version 0.11.1 or later. 3. Restart SQLpage service. 4. Verify version with 'sqlpage --version'.

🔧 Temporary Workarounds

Use Environment Variable for Database Connection

all

Store database connection string in environment variable instead of configuration file.

export DATABASE_URL="your_connection_string_here"
Remove database connection from sqlpage.json

Change Web Root Directory

all

Set web_root to directory that is not parent of SQLpage configuration directory.

Edit sqlpage.json to set "web_root": "/path/to/safe/directory"

🧯 If You Can't Patch

  • Move database connection string from sqlpage.json to environment variable
  • Ensure database is not publicly exposed and restrict network access

🔍 How to Verify

Check if Vulnerable:

Check if SQLpage version < 0.11.1 AND database connection string is in sqlpage.json AND web_root is current directory.

Check Version:

sqlpage --version

Verify Fix Applied:

Confirm version is 0.11.1+ with 'sqlpage --version' and verify database connection is not exposed in configuration.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database connection attempts
  • Configuration file access patterns

Network Indicators:

  • Unexpected database connections from web server IPs
  • SQLpage configuration file requests

SIEM Query:

source="sqlpage.log" AND ("configuration" OR "database_connection")

📊 Metadata

CVE ID: CVE-2023-42454
CVSS v3 Score: 10.0 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE: CWE-200
Published: September 18, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-42454, you might also want to check these:

CVE-2025-61481 10.0

MikroTik RouterOS and SwOS expose their WebFig management interface over unencrypted HTTP by default...

Same vulnerability type (CWE-200)
CVE-2025-53624 10.0

The Docusaurus gists plugin versions before 4.0.0 expose GitHub Personal Access Tokens in client-sid...

Same vulnerability type (CWE-200)
CVE-2023-49103 10.0

This vulnerability in ownCloud's graphapi app exposes PHP configuration details (phpinfo) via a thir...

Same vulnerability type (CWE-200)