CVE-2023-49688

9.8 CRITICAL

📋 TL;DR

Job Portal v1.0 contains unauthenticated SQL injection vulnerabilities in the login.php file, specifically in the 'txtUser' parameter. Attackers can execute arbitrary SQL commands without authentication, potentially compromising the entire database. All deployments of Job Portal v1.0 are affected.

💻 Affected Systems

Products:
  • Job Portal
Versions: v1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability exists in the core login functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case

Database information disclosure, credential theft, and potential privilege escalation to administrative access.

🟢 If Mitigated

Limited impact with proper input validation and database permissions, though SQL injection attempts would still be logged.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation allows any internet user to attack exposed instances.
🏢 Internal Only: HIGH - Even internal deployments are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection in login.php is trivial to exploit with standard SQLi techniques. Public advisories provide technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider migrating to supported software or implementing custom fixes.

🔧 Temporary Workarounds

Input Validation Filter

all

Add parameterized queries and input validation to login.php

Modify login.php to use prepared statements:

    $stmt = $conn->prepare('SELECT * FROM users WHERE username = ?');
    $stmt->bind_param('s', $txtUser);
    $stmt->execute();

Web Application Firewall

all

Deploy WAF with SQL injection rules to block exploitation attempts

🧯 If You Can't Patch

  • Isolate the Job Portal system from internet access and restrict to internal network only
  • Implement strict network segmentation and monitor all database access attempts

🔍 How to Verify

Check if Vulnerable:

Test login.php with SQL injection payloads like: txtUser=admin' OR '1'='1

Check Version:

Check software version in admin panel or readme files

Verify Fix Applied:

Verify that SQL injection payloads no longer work and that login.php responds to them with proper error handling

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in login attempts
  • Multiple failed login attempts with SQL characters
  • Database error messages in application logs

Network Indicators:

  • HTTP POST requests to login.php containing SQL keywords
  • Unusual database connection patterns from web server

SIEM Query:

source=web_logs url="*login.php*" AND (request="*OR*1*1*" OR request="*UNION*SELECT*" OR request="*'--*" OR request="*;--*")
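
The following is an added example, not part of the original advisory or of Job Portal's code: it applies the four wildcard patterns from the SIEM query above to the URL-decoded txtUser value of login.php requests, and shows that the encoded form of a payload can slip past a raw match while a benign username can trigger `*OR*1*1*`. The event layout, the sample records and the `SQL_META` confidence heuristic are assumptions, and it presumes the log source records POST bodies, which plain web access logs usually do not.

```python
import fnmatch
from urllib.parse import parse_qsl

# Wildcard patterns copied from the SIEM query above (matched case-insensitively).
SIEM_PATTERNS = ["*OR*1*1*", "*UNION*SELECT*", "*'--*", "*;--*"]
# Assumption (not from the page): characters that raise confidence in a hit.
SQL_META = ("'", '"', ";", "--")

# Constructed sample events; addresses are documentation ranges.
EVENTS = [
    {"src": "203.0.113.7", "method": "POST", "path": "/login.php",
     "body": "txtUser=admin%27+OR+%271%27%3D%271"},
    {"src": "203.0.113.7", "method": "POST", "path": "/login.php",
     "body": "txtUser=admin%27--+"},
    {"src": "198.51.100.20", "method": "POST", "path": "/login.php",
     "body": "txtUser=jordan1981"},
    {"src": "198.51.100.21", "method": "POST", "path": "/login.php",
     "body": "txtUser=alice"},
]


def matched_patterns(text):
    """Return the SIEM patterns that match the given text."""
    upper = text.upper()
    return [p for p in SIEM_PATTERNS if fnmatch.fnmatchcase(upper, p)]


def scan(events):
    """Return one hit per login.php request whose decoded txtUser matches."""
    hits = []
    for ev in events:
        if "login.php" not in ev["path"]:
            continue
        # POST carries parameters in the body, GET in the query string.
        raw = ev["body"] if ev["method"] == "POST" else ev["path"].partition("?")[2]
        for name, value in parse_qsl(raw, keep_blank_values=True):
            if name != "txtUser":
                continue
            found = matched_patterns(value)  # parse_qsl already URL-decoded it
            if found:
                meta = any(m in value for m in SQL_META)
                hits.append({"src": ev["src"], "txtUser": value, "patterns": found,
                             "confidence": "high" if meta else "low"})
    return hits


if __name__ == "__main__":
    for hit in scan(EVENTS):
        print(hit)
```

The `jordan1981` record matches `*OR*1*1*` without any SQL metacharacter, so hits on that pattern alone are better treated as low confidence and correlated with database errors or repeated failures from the same source.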
