cbcvebase.
CVE-2023-34635
published 2023-07-31

Priority: P260 · Severity: critical · CVSS 3.1 base score: 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: available
EPSS: 2.08% (79.2th percentile)
Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.

Affected (2 ranges)

Vendor: wifi-soft · Product: unibox_administration · Version range: not listed · Fixed in: not listed
Vendor: wifi-soft · Product: unibox_administration · Version range: not listed · Fixed in: not listed

Detection & IOCs (extracted from sources)

path: /index.php
path: /dashboard/dashboard
command: 'or 1=1 limit 1-- -
command: username='or+1=1+limit+1--+-&password=randompassword&captcha=69199&action=Login
  • Monitor POST requests to /index.php containing SQL injection patterns in the username parameter, specifically boolean-based payloads such as 'or 1=1 limit 1-- - (URL-encoded: 'or+1=1+limit+1--+-).
  • A successful exploitation results in an HTTP 302 redirect to ./dashboard/dashboard immediately following the login POST to /index.php — alert on this redirect pattern from unauthenticated sessions.
  • Use Google Dork to identify exposed Unibox instances: intext:"Unibox Administration 3.1", intext:"Unibox 3.0" — these are the vulnerable versions targeted by this exploit.
  • The exploit targets the username field in a form POST with parameters: username, password, captcha, action. Alert on login requests where the username field contains SQL metacharacters (single quotes, comment sequences --, OR keywords).
  • The exploit requires a valid CAPTCHA to be solved at the login page, meaning fully automated exploitation may be limited unless the CAPTCHA is weak or bypassable.
  • The vulnerability is confirmed only on Unibox Administration versions 3.0 and 3.1; other versions are not referenced as affected.
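The detection bullets above can be turned into a small log-analysis routine. The following is an added example, not code from the CVE record or from the vendor: it assumes HTTP events are available as dicts with method, path, status, body, location and client fields (as a reverse proxy or WAF might emit them), decodes the login form body, flags SQL metacharacters or boolean-tautology patterns in the username field, and raises a second, higher-confidence alert when such a POST to /index.php is answered with a 302 to /dashboard/dashboard. The sample events are constructed; the injected body is the one quoted in the IOC list.

```python
"""Detection helper for CVE-2023-34635-style login SQL injection (added example).

Assumptions (not from the CVE record): HTTP events arrive as dicts with the
keys client, method, path, status, body (form-encoded) and location. Sample
events below are constructed for demonstration.
"""
import re
from urllib.parse import parse_qs

LOGIN_PATH = "/index.php"            # login form target from the IOC list
DASHBOARD_PATH = "/dashboard/dashboard"  # post-login redirect from the IOC list

# Markers of a boolean-based injection in a username field: a string
# delimiter, a SQL comment sequence, an OR/AND tautology, or SQL keywords.
_SQLI_PATTERNS = [
    re.compile(r"'"),                                   # single quote
    re.compile(r"--|#|/\*"),                            # comment sequences
    re.compile(r"\b(or|and)\b\s+\S+\s*=\s*\S+", re.I),  # "or 1=1" style tautology
    re.compile(r"\b(union|select|limit)\b", re.I),      # keywords unlikely in a username
]


def is_suspicious_username(username: str) -> bool:
    """Return True when the username carries SQL metacharacters or keywords."""
    return any(p.search(username) for p in _SQLI_PATTERNS)


def username_from_body(body: str) -> str:
    """Extract and URL-decode the username field of a form-encoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields.get("username", [""])[0]


def analyze_events(events):
    """Return alerts for injection attempts and for injection followed by a 302 to the dashboard."""
    alerts = []
    for ev in events:
        if ev.get("method") != "POST" or ev.get("path") != LOGIN_PATH:
            continue
        user = username_from_body(ev.get("body", ""))
        if not is_suspicious_username(user):
            continue
        alerts.append({"client": ev["client"], "kind": "sqli_attempt", "username": user})
        # A 302 to the dashboard directly after an injected login POST means the
        # injection bypassed authentication, so escalate.
        if ev.get("status") == 302 and DASHBOARD_PATH in ev.get("location", ""):
            alerts.append({"client": ev["client"], "kind": "sqli_login_success", "username": user})
    return alerts


# Constructed sample traffic: one benign login, one injected login that is
# answered with the redirect described in the IOC list, then the dashboard fetch.
SAMPLE_EVENTS = [
    {"client": "203.0.113.10", "method": "POST", "path": "/index.php",
     "body": "username=alice&password=secret&captcha=12345&action=Login",
     "status": 200, "location": ""},
    {"client": "198.51.100.7", "method": "POST", "path": "/index.php",
     "body": "username='or+1=1+limit+1--+-&password=randompassword&captcha=69199&action=Login",
     "status": 302, "location": "./dashboard/dashboard"},
    {"client": "198.51.100.7", "method": "GET", "path": "/dashboard/dashboard",
     "body": "", "status": 200, "location": ""},
]


def run_sample():
    """Analyze the constructed sample events and return the alerts."""
    return analyze_events(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The bare single-quote rule is deliberately broad and will fire on legitimate names such as O'Brien; in production, weight the tautology and comment-sequence patterns higher and treat the 302-to-dashboard correlation as the high-confidence signal, since it only occurs when the injected login actually succeeded.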