CVE-2023-0938
published 2023-02-21


Priority: P263, critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EXPLOIT
EPSS: 1.79% (75.5th percentile)

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| music_gallery_site_project | music_gallery_site | | |
| sourcecodester | music_gallery_site | | |

Detection & IOCs (extracted from sources)

path: /php-music/?page=music_list&cid=5%27+and+false+union+select+1,version(),database(),4,5,6,7--+-
path: music_list.php
command: GET /?page=music_list&cid=4*
  • Monitor HTTP GET requests to music_list.php (or ?page=music_list) where the 'cid' parameter contains SQL injection payloads such as single quotes, UNION SELECT statements, or boolean-based blind injection patterns (e.g., 'and false union select').
  • Flag requests where the User-Agent matches the PoC exploit's browser string (Chrome/108.0.5359.125) combined with suspicious SQL payloads in the cid parameter, as this matches the exact tooling used in the disclosed exploit.
  • Detect URL-encoded SQL injection sequences in the cid GET parameter, specifically patterns containing %27 (single quote), 'union+select', and comment terminators such as '--+-'.
  • The PoC was tested on a localhost Windows 11 environment; the base path '/php-music/' may differ in production deployments of Music Gallery Site v1.0, so detection rules should match on the page parameter (?page=music_list) rather than relying solely on the hardcoded path.
  • The UNION-based injection payload uses 7 columns (select+1,version(),database(),4,5,6,7), indicating the underlying query returns 7 columns; this column count is specific to the default schema and may vary if the application has been customised.
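
The detection notes above, applied to access-log lines as an added example (not part of the original record or of any vendor rule). It assumes common/combined log format and that legitimate cid values are integers; the function names are hypothetical and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Request line of a common/combined-format log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Tokens named in the detection notes: single quote, UNION ... SELECT, comments.
SQLI_RE = re.compile(r"'|\bunion\b.*\bselect\b|--|#|/\*", re.IGNORECASE)
NUMERIC_RE = re.compile(r"[0-9]+")

def cid_values(target):
    """Decoded cid values, but only for requests routed to music_list."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)  # percent-decodes and turns '+' into a space
    routed = "music_list" in query.get("page", [])  # match on page, not base path
    direct = parts.path.endswith("/music_list.php")
    return query.get("cid", []) if routed or direct else []

def classify(line):
    """Return 'sqli-pattern', 'non-numeric-cid' or None for one log line."""
    match = REQUEST_RE.search(line)
    if not match or match.group("method") != "GET":
        return None
    values = cid_values(match.group("target"))
    if any(SQLI_RE.search(v) for v in values):
        return "sqli-pattern"
    # Assumption: legitimate cid values are integers, as in the record's cid=5.
    # Catches double encoding (%2527) and other input the token list misses.
    if any(not NUMERIC_RE.fullmatch(v) for v in values):
        return "non-numeric-cid"
    return None

def scan(lines):
    """(index, verdict) for every flagged line."""
    verdicts = ((i, classify(line)) for i, line in enumerate(lines))
    return [(i, v) for i, v in verdicts if v]

# Constructed log lines; the cid values at index 1 and 2 are the ones quoted above.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Feb/2023:10:00:01 +0000] "GET /php-music/?page=music_list&cid=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Feb/2023:10:00:02 +0000] "GET /php-music/?page=music_list&cid=5%27+and+false+union+select+1,version(),database(),4,5,6,7--+- HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Feb/2023:10:00:03 +0000] "GET /?page=music_list&cid=4* HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Feb/2023:10:00:04 +0000] "GET /app/?page=music_list&cid=5%2527 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Feb/2023:10:00:05 +0000] "GET /php-music/?page=home&cid=%27 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for index, verdict in scan(SAMPLE_LOG):
        print(index, verdict)
```

The numeric check is the stricter of the two signals: it flags anything that is not a plain integer, so it should be tuned if a deployment legitimately passes other cid formats.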

CVSS provenance

nvd, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd, v2.0: 6.5 MEDIUM, AV:N/AC:L/Au:S/C:P/I:P/A:P