CVE-2023-53975

7.5 HIGH

📋 TL;DR

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands without authentication. Attackers can manipulate database queries through the 'id' parameter on the admin index page, potentially leading to data theft, modification, or deletion. All Atom CMS 2.0 installations are affected.

💻 Affected Systems

Products:
  • Atom CMS
Versions: 2.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Atom CMS 2.0 installations are vulnerable by default; no special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data exfiltration, privilege escalation, and potential remote code execution if database functions allow it.

🟠

Likely Case

Data theft from the database, including user credentials, sensitive content, and configuration data.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - Unauthenticated vulnerability on internet-facing systems allows remote exploitation without credentials.
🏢 Internal Only: MEDIUM - Internal systems still vulnerable but require network access; authenticated users could exploit.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code available; time-based blind SQL injection requires some skill but tools automate exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to a maintained CMS or implementing custom fixes with parameterized queries.

🔧 Temporary Workarounds

Input Validation Filter

all

Add server-side validation to sanitize the 'id' parameter to accept only numeric values.

Modify admin/index.php to validate $_GET['id'] with is_numeric() or filter_var()
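The following is an added illustration, not Atom CMS code: a hypothetical handler that shows the raw-interpolation pattern this advisory describes next to a hardened version that validates the id with filter_var() and then binds it through a prepared statement, which is the "parameterized queries" fix recommended above. The table name, the request array and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example (not Atom CMS code): a hypothetical admin/index.php handler
// showing the vulnerable pattern beside a hardened one.

// Constructed request for offline demonstration; a live handler reads $_GET.
$request = ['id' => "1' AND SLEEP(5)-- -"];

// VULNERABLE PATTERN (illustrative only, never executed here):
// the raw parameter is interpolated into the SQL text.
function buildUnsafeQuery(array $get): string
{
    $id = $get['id'] ?? '';
    return "SELECT * FROM pages WHERE id = '$id'";
}

// HARDENED: strict integer validation, then a prepared statement.
function validateId(array $get): ?int
{
    // FILTER_VALIDATE_INT accepts only an optionally signed integer;
    // min_range additionally rejects zero and negative ids.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetchPage(PDO $pdo, int $id): ?array
{
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT * FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration against an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO pages (id, title) VALUES (1, 'Home'), (2, 'About')");

echo "Unsafe query text would be: " . buildUnsafeQuery($request) . PHP_EOL;

$id = validateId($request);
if ($id === null) {
    http_response_code(400);
    echo "Rejected: id must be a positive integer" . PHP_EOL;
} else {
    var_dump(fetchPage($pdo, $id));
}

// A legitimate request still works through the hardened path.
var_dump(fetchPage($pdo, validateId(['id' => '2'])));
```

Validation alone is the workaround; the prepared statement is what makes the query safe regardless of what the parameter contains, so both belong in a custom fix.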

Web Application Firewall (WAF)

all

Deploy WAF rules to block SQL injection patterns in the 'id' parameter.

Add WAF rule: deny requests with SQL keywords in id parameter

🧯 If You Can't Patch

  • Restrict access to admin pages using IP whitelisting or authentication requirements.
  • Monitor database logs for unusual query patterns and implement rate limiting on vulnerable endpoints.

🔍 How to Verify

Check if Vulnerable:

Test with payload: admin/index.php?id=1' AND SLEEP(5)-- - and check for delayed response.

Check Version:

Check Atom CMS version in admin panel or readme files.

Verify Fix Applied:

Test same payload; should return error or normal response without delay.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in web server logs
  • Multiple requests with SQL keywords in id parameter
  • Long response times from admin/index.php

Network Indicators:

  • HTTP requests to admin/index.php with SQL injection payloads
  • Unusual database query patterns from web server IP

SIEM Query:

source="web_logs" AND uri="/admin/index.php" AND (id="*'*" OR id="*AND SLEEP*" OR id="*UNION*" OR id="*SELECT*" OR id="*FROM*" OR id="*WHERE*")
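As an added example (not part of the advisory), the same indicators can be checked offline against raw access-log lines when no SIEM is in place. The lines below are constructed, in Apache combined format extended with the response time in microseconds (the %D field); that log format, the slow-response threshold and the pattern names are assumptions.

```php
<?php
// Added example: scan constructed access-log lines for the log indicators
// listed above (SQL keywords in the id parameter, slow responses, errors).

$sampleLog = <<<'LOG'
10.0.0.5 - - [12/May/2024:10:01:02 +0000] "GET /admin/index.php?id=1 HTTP/1.1" 200 4321 "-" "Mozilla/5.0" 8200
10.0.0.7 - - [12/May/2024:10:01:09 +0000] "GET /admin/index.php?id=1%27%20AND%20SLEEP%285%29--%20- HTTP/1.1" 200 4321 "-" "sqlmap/1.7" 5012345
10.0.0.7 - - [12/May/2024:10:01:15 +0000] "GET /admin/index.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 512 "-" "sqlmap/1.7" 9100
10.0.0.9 - - [12/May/2024:10:02:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0" 3000
LOG;

// Mirrors the SIEM query: a quote or SQL keywords inside the decoded id value.
const SQLI_PATTERNS = [
    'quote'  => "/'/",
    'sleep'  => '/\bAND\s+SLEEP\b/i',
    'union'  => '/\bUNION\b/i',
    'select' => '/\bSELECT\b/i',
    'from'   => '/\bFROM\b/i',
    'where'  => '/\bWHERE\b/i',
];

// Responses slower than this (microseconds) count as a time-based indicator.
const SLOW_THRESHOLD_US = 4000000;

function parseLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"(?: (\d+))?$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    $parts = parse_url($m[4]);
    parse_str($parts['query'] ?? '', $query);   // parse_str URL-decodes values
    return [
        'ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
        'path' => $parts['path'] ?? '', 'query' => $query,
        'status' => (int)$m[5], 'ua' => $m[6],
        'duration_us' => isset($m[7]) ? (int)$m[7] : null,
    ];
}

function findIndicators(array $req): array
{
    $hits = [];
    if ($req['path'] !== '/admin/index.php' || !isset($req['query']['id'])) {
        return $hits;
    }
    $id = $req['query']['id'];
    foreach (SQLI_PATTERNS as $name => $pattern) {
        if (preg_match($pattern, $id)) {
            $hits[] = $name;
        }
    }
    if ($req['duration_us'] !== null && $req['duration_us'] > SLOW_THRESHOLD_US) {
        $hits[] = 'slow_response';
    }
    if ($req['status'] === 500) {
        $hits[] = 'server_error';
    }
    return $hits;
}

foreach (explode("\n", $sampleLog) as $line) {
    $req = parseLine($line);
    if ($req === null) {
        continue;
    }
    $hits = findIndicators($req);
    if ($hits) {
        printf("%s %s id=%s -> %s\n",
               $req['ip'], $req['time'], $req['query']['id'], implode(',', $hits));
    }
}
```

Decoding the query string before matching matters: the time-based payload arrives percent-encoded, so a filter that only inspects the raw request line misses it. Requests for other paths are ignored so that legitimate pages containing words like "from" do not trigger alerts.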

🔗 References
