CVE-2023-31714
Published: 2023-08-30
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
Priority: P2 61 | Severity: critical 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 3.28% (86.9th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| waqaskanju | chitor-cms | < 1.1.2 | 1.1.2 |
Detection & IOCs (extracted from sources)
path: `/edit_school.php?id=-2164' UNION ALL SELECT NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Cschema_name))%2C0x716a6b6271) FROM INFORMATION_SCHEMA.SCHEMATA-- -`
path: `/edit_school.php?id=-2164' UNION ALL SELECT NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Ctable_name))%2C0x716a6b6271) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema IN (0x`
path: `/edit_school.php?id=-2164' UNION ALL SELECT NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Ccolumn_name))%2C0x716a6b6271) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name=`
bytes: 0x71707a6b71 / 0x716a6b6271
- Monitor HTTP GET requests to /edit_school.php whose `id` parameter value begins with a negative integer followed by a single quote and UNION ALL SELECT; this pattern indicates pre-authentication SQL injection exploitation.
- Detect the hex-encoded canary strings 0x71707a6b71 ('qpzkq') and 0x716a6b6271 ('qjkbq') in HTTP request or response bodies; these are the attacker's unique delimiters used to extract SQL query results.
- The exploit is pre-authentication (no login required); alert on UNION-based SQL injection payloads targeting INFORMATION_SCHEMA.SCHEMATA, INFORMATION_SCHEMA.TABLES, and INFORMATION_SCHEMA.COLUMNS via the edit_school.php endpoint.
- Look for the separator hex string 0x787a6d64706c ('xzmdpl') in URL-encoded query parameters; the exploit uses it to delimit column values within concatenated SQL output.
- The vulnerability affects Chitor-CMS versions before 1.1.2; the fix was committed on 2023/04/16 at commit 69d3442. Ensure the patched version is deployed.
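The detection notes above, combined into one log check. This is an added example, not code from the Chitor-CMS project or the cited sources; the combined-log-style request field, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Markers taken from the detection notes (hex literals as they appear in the URL).
RESULT_DELIMS = ("0x71707a6b71", "0x716a6b6271")  # 'qpzkq' / 'qjkbq'
VALUE_SEPARATOR = "0x787a6d64706c"                # 'xzmdpl'
UNION_RE = re.compile(r"^-\d+'\s*union\s+all\s+select\b", re.I)
SCHEMA_RE = re.compile(r"information_schema\.(schemata|tables|columns)\b", re.I)
# Assumption: combined-log-style request field, e.g. "GET /path?query HTTP/1.1".
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>.+?) HTTP/\d')

def fully_decode(value, rounds=3):
    # Undo URL encoding repeatedly so double-encoded payloads are also seen.
    for _ in range(rounds):
        value, prev = unquote_plus(value), value
        if value == prev:
            break
    return value

def inspect(line):
    """Return the indicator names matched by one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if not parts.path.lower().endswith("/edit_school.php"):
        return []  # scoped to the endpoint named in the advisory
    query = fully_decode(parts.query).lower()
    id_match = re.search(r"(?:^|&)id=([^&]*)", query)
    checks = {
        "union_select_in_id": bool(id_match and UNION_RE.match(id_match.group(1).strip())),
        "information_schema_enum": bool(SCHEMA_RE.search(query)),
        "result_delimiter": any(d in query for d in RESULT_DELIMS),
        "value_separator": VALUE_SEPARATOR in query,
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample log lines (not captured traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Aug/2023:10:00:00 +0000] "GET /edit_school.php?id=12 HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Aug/2023:10:00:05 +0000] "GET /edit_school.php?id=-2164%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCONCAT(0x71707a6b71%2CJSON_ARRAYAGG(CONCAT_WS(0x787a6d64706c%2Cschema_name))%2C0x716a6b6271)%20FROM%20INFORMATION_SCHEMA.SCHEMATA--%20- HTTP/1.1" 200 903',
    '203.0.113.9 - - [30/Aug/2023:10:00:09 +0000] "GET /news.php?id=7 HTTP/1.1" 200 640',
]

def scan(lines):
    return [(n, h) for n, line in enumerate(lines, 1) if (h := inspect(line))]
```

`scan(SAMPLE_LOG)` returns one entry, for line 2, carrying all four indicators; the benign `id=12` request and the unrelated endpoint produce no hits.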
References
- https://github.com/msd0pe-1/chitor-sqli
- https://github.com/waqaskanju/Chitor-CMS/commit/69d34420ad382c91b0c285432418c1b0810128c1
- https://github.com/waqaskanju/Chitor-CMS/releases/tag/Chitor-cms
- https://www.exploit-db.com/exploits/51383