cbcvebase.
CVE-2023-29809
published 2023-05-12

CVE-2023-29809: SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the…

PriorityP269critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
10.51%
95.2th percentile
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.

Affected

1 ranges
VendorProductVersion rangeFixed in
companymaps_projectcompanymaps

Detection & IOCsextracted from sources · hover to see the quote

urlhttp:///rest/booking/index.php?mode=list&bookmap=test*
path/rest/booking/index.php
  • Monitor HTTP requests to /rest/booking/index.php for SQL injection patterns in the `bookmap` parameter, particularly time-based blind payloads containing sleep() or select*from constructs.
  • Alert on the specific time-based blind SQLi payload pattern `'-(select*from(select+sleep(` appearing in the `bookmap` query parameter.
  • Detect sqlmap automated exploitation attempts against /rest/booking/index.php indicated by --random-agent usage; correlate with anomalous response times (e.g., ~2 second delays) on that endpoint.
  • Watch for the server-side error message `mysqli_num_rows() expects parameter 1 to be mysqli_result, bool given` in application logs, which indicates a malformed SQL query triggered via the bookmap parameter.
  • ·The exploit targets LDAP credentials stored in the database; successful exploitation via sqlmap --dump may exfiltrate these credentials, broadening the blast radius beyond the web application.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.