Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-46023

CWE-89 — SQL Injection4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 68.82%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Code-projects Simple Task List

Timeline

PublishedNov 14

Latest updateMar 20

Description

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcode-projects/simple_task_list1.0

🔴Vulnerability Details

GHSA

GHSA-8hjx-r3v4-crcm: SQL injection vulnerability in addTask↗2023-11-15

▶

CVEList

CVE-2023-46023: SQL injection vulnerability in addTask↗2023-11-14

▶

💥Exploits & PoCs

Exploit-DB

Simple Task List 1.0 - 'status' SQLi↗2024-03-20

▶