CVE-2023-33584
published 2023-06-21


Priority: P268 (critical)
CVSS 3.1 base score: 9.8 (critical)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 14.24% (96.1th percentile)
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLi) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.

Affected (1 range)

Vendor                     Product            Version range   Fixed in
enrollment_system_project  enrollment_system  -               -

Detection & IOCs (extracted from sources)

URL: http://localhost/enrollment/login.php
Payload (command): ' or 1=1 #
  • Monitor login requests to /enrollment/login.php for SQL metacharacters in the username or password fields, specifically single quotes, comment sequences (# or --), and boolean tautology patterns (e.g. ' or 1=1).
  • Alert on authentication bypass attempts where a login succeeds with SQL injection payloads in the credentials, resulting in administrative access without valid credentials.
  • The login path /enrollment/login.php is the specific vulnerable endpoint; scope detection rules to this path to reduce false positives.
  • The vulnerability is confirmed only on Enrollment System Project V1.0; other versions are not assessed in this report.
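The detection guidance above, turned into a small scanner as an added example (not part of this record or of the Enrollment System project). It assumes a constructed JSON-lines log in which a WAF or the application records the submitted form fields for each request; the log lines, field names and source addresses are made up for the example.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed sample log (not from the page): one JSON record per request, assuming a
# WAF or application log that captures submitted form fields.
SAMPLE_LOG = r"""
{"ts":"2023-06-21T10:00:01Z","src":"203.0.113.5","method":"POST","path":"/enrollment/login.php","fields":{"username":"alice","password":"Winter2023!"}}
{"ts":"2023-06-21T10:00:07Z","src":"203.0.113.9","method":"POST","path":"/enrollment/login.php","fields":{"username":"' or 1=1 #","password":"x"}}
{"ts":"2023-06-21T10:00:09Z","src":"203.0.113.9","method":"POST","path":"/enrollment/login.php","fields":{"username":"admin","password":"%27%20OR%20%271%27%3D%271"}}
{"ts":"2023-06-21T10:00:12Z","src":"203.0.113.7","method":"POST","path":"/enrollment/search.php","fields":{"q":"' or 1=1 --"}}
{"ts":"2023-06-21T10:00:15Z","src":"203.0.113.8","method":"POST","path":"/enrollment/login.php","fields":{"username":"o'brien","password":"pass"}}
"""

TARGET_PATH = "/enrollment/login.php"          # scope rules to the vulnerable endpoint
WATCHED_FIELDS = ("username", "password")      # the unvalidated inputs named in the record

# Indicators from the detection guidance: comment sequences and boolean tautologies.
COMMENT_SEQ = re.compile(r"(#|--)")
TAUTOLOGY = re.compile(r"\b(or|and)\b\s*['\"]?\s*\w+\s*['\"]?\s*=\s*['\"]?\s*\w+", re.IGNORECASE)

def classify(value):
    """Return the indicator names found in one field value (URL-decoded first)."""
    v = unquote_plus(value)
    hits = []
    if "'" in v:
        hits.append("single_quote")
    if COMMENT_SEQ.search(v):
        hits.append("comment_sequence")
    if TAUTOLOGY.search(v):
        hits.append("boolean_tautology")
    return hits

def scan(log_text):
    """Return (src, field, severity, indicators) for login requests carrying SQL metacharacters.
    A lone quote (an apostrophe in a surname, say) is reported as low severity; a quote
    combined with a comment sequence or a tautology is reported as high."""
    alerts = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec["path"] != TARGET_PATH:          # ignore other endpoints (fewer false positives)
            continue
        for field in WATCHED_FIELDS:
            hits = classify(rec["fields"].get(field, ""))
            if hits:
                severity = "high" if len(hits) > 1 else "low"
                alerts.append((rec["src"], field, severity, hits))
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Running the block flags the two payload-bearing login requests as high and the apostrophe in a legitimate username as low, while the request to search.php is ignored because it is outside the scoped path.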