CVE-2023-51927

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary SQL commands through the YonBIP HR attendance script controller. It affects organizations using YonBIP v3_23.05, potentially compromising sensitive HR and business data.

💻 Affected Systems

Products:
  • YonBIP
Versions: v3_23.05
Operating Systems: Any OS running YonBIP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the HR cloud attendance module specifically through the runScript() method.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data manipulation, and potential remote code execution through database functions.

🟠 Likely Case: Unauthorized access to sensitive HR data including employee records, attendance information, and personally identifiable information.

🟢 If Mitigated: Limited impact with proper input validation and database permission restrictions in place.

🌐 Internet-Facing: HIGH - SQL injection vulnerabilities are easily exploitable and can lead to complete system compromise.
🏢 Internal Only: HIGH - Even internal attackers or compromised accounts could exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities are well-understood and easily weaponized with automated tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.yonyou.com/

Restart Required: No

Instructions:

1. Check the vendor website for security updates.
2. Apply any available patches.
3. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Implement strict input validation for the runScript() method parameters:
  • Implement parameterized queries or stored procedures
  • Add input sanitization for script parameters

Access Restriction (applies to: all)

Restrict access to the vulnerable endpoint:
  • Configure firewall rules to block external access to /attend/web/AttendScriptController
  • Implement IP whitelisting for administrative functions

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with SQL injection rules
  • Restrict database user permissions to minimum required access

🔍 How to Verify

Check if Vulnerable:

Test the /attend/web/AttendScriptController endpoint with SQL injection payloads in the script parameter

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Retest the vulnerable endpoint with SQL injection payloads to confirm they are blocked

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by script execution
  • Long or malformed parameters in web server logs

Network Indicators:

  • Unusual database connection patterns
  • SQL keywords in HTTP POST parameters
  • Excessive requests to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/attend/web/AttendScriptController" AND (param="script" CONTAINS "UNION" OR param="script" CONTAINS "SELECT" OR param="script" CONTAINS "INSERT")
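The SIEM query above is pseudo-syntax; the following is an added detection example (not part of this advisory and not YonBIP or Yonyou code) that applies the same logic offline to web-server log lines. It assumes a simplified, constructed log format of `<client ip> <method> <path[?query]> <url-encoded form body>`; the endpoint path and the `script` parameter name are taken from the advisory text, while the keyword list extends the query's UNION/SELECT/INSERT with a few other statement keywords and matches them as whole words, case-insensitively. It also counts requests per source IP to the endpoint, which covers the "excessive requests" network indicator.

```python
"""Flag requests to the AttendScriptController endpoint whose `script`
parameter carries SQL keywords, and count requests to it per client IP.
Added example for CVE-2023-51927 detection; log format is an assumption."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter name as given in the advisory text.
ENDPOINT = "/attend/web/AttendScriptController"
PARAM = "script"

# Mirrors the SIEM query's UNION/SELECT/INSERT and adds other statement
# keywords. Whole-word, case-insensitive matching avoids flagging identifiers
# such as "union_select_report" while still catching lowercase payloads.
SQL_KEYWORDS = ("UNION", "SELECT", "INSERT", "UPDATE", "DELETE", "DROP")
KEYWORD_RE = re.compile(r"\b(?:" + "|".join(SQL_KEYWORDS) + r")\b", re.IGNORECASE)

# Constructed sample log lines (assumed format: ip method path[?query] body).
SAMPLE_LOGS = [
    "10.0.0.5 POST /attend/web/AttendScriptController script=monthly_report",
    "10.0.0.7 POST /attend/web/AttendScriptController script=1+UNION+SELECT+1%2C2",
    "10.0.0.9 GET /attend/web/AttendHome?script=UNION+SELECT",
    "10.0.0.7 POST /attend/web/AttendScriptController?debug=1 script=x%3Bselect+1",
    "10.0.0.8 POST /attend/web/AttendScriptController script=union_select_report",
]


def parse_line(line):
    """Split one log line into ip, method, path and decoded parameters.

    Query-string and form-body parameters are merged so a keyword is found
    whichever way the client sent it. The body field is optional (GET lines)."""
    parts = line.split(" ", 3)
    if len(parts) < 3:
        raise ValueError(f"malformed log line: {line!r}")
    ip, method, url = parts[:3]
    body = parts[3] if len(parts) > 3 else ""
    split = urlsplit(url)
    params = parse_qs(split.query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return {"ip": ip, "method": method, "path": split.path, "params": params}


def is_suspicious(entry):
    """True when the request targets the endpoint and any value of the
    `script` parameter contains a SQL keyword as a whole word."""
    if entry["path"] != ENDPOINT:
        return False
    return any(KEYWORD_RE.search(value) for value in entry["params"].get(PARAM, []))


def scan(lines):
    """Return the parsed entries that match the detection rule."""
    return [entry for entry in map(parse_line, lines) if is_suspicious(entry)]


def endpoint_request_counts(lines):
    """Requests to the endpoint per client IP, for the volume indicator."""
    return Counter(
        entry["ip"] for entry in map(parse_line, lines) if entry["path"] == ENDPOINT
    )


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"ALERT {hit['ip']} {hit['method']} {hit['path']} script={hit['params'][PARAM]}")
    for ip, count in endpoint_request_counts(SAMPLE_LOGS).most_common():
        print(f"{ip}: {count} request(s) to {ENDPOINT}")
```

On the constructed sample, the two requests from 10.0.0.7 are flagged (one uppercase UNION SELECT, one lowercase `select` after a semicolon), the request to a different path is ignored even though its value contains the keywords, and the identifier `union_select_report` is not flagged. The per-IP counter is a cheap complement: a single flagged request is worth a look, a burst of requests to this endpoint from one source is worth an alert on its own.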
