cbcvebase.
CVE-2023-0961
published 2023-02-22

CVE-2023-0961: A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file…

PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
1.88%
76.9th percentile
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.

Affected

2 ranges
VendorProductVersion rangeFixed in
music_gallery_site_projectmusic_gallery_site
sourcecodestermusic_gallery_site

Detection & IOCsextracted from sources · hover to see the quote

urlphp-music/view_music_details.php?id=1%27+and+false+union+select+1,version(),database(),4,@@datadir,6,7,8,9,10,11--+-
path/php-music/view_music_details.php
commandGET /php-music/view_music_details.php?id=1' and false union select 1,version(),database(),4,@@datadir,6,7,8,9,10,11-- -
  • Monitor GET requests to view_music_details.php where the 'id' parameter contains SQL metacharacters or UNION SELECT payloads, indicating exploitation of CVE-2023-0961.
  • Look for URL-encoded single quotes (%27) combined with UNION SELECT keywords in the 'id' GET parameter of view_music_details.php.
  • The exploit uses a UNION-based SQL injection with 11 columns to extract version(), database(), and @@datadir — alert on these MySQL information-disclosure functions appearing in query parameters.
  • The vulnerable component is the GET Request Handler for the 'id' argument in view_music_details.php; any non-integer value supplied to this parameter should be treated as suspicious.
  • ·The exploit was tested on a localhost deployment; the base path '/php-music/' may differ across installations — adjust detection rules to match the actual deployment path.
  • ·The PHPSESSID cookie value in the PoC request is specific to the researcher's test session and should not be used as a static IOC; focus detection on the URL pattern and payload structure instead.

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.