CVE-2023-1545

HIGH

nilsteampassnet/teampass <3.0.0.23 - SQL Injection


Exploitation Summary

EIP tracks 5 public exploits for CVE-2023-1545. PoCs published by Max Meyer - Rivendell, zer0-dave, gunzf0x.

AI-analyzed exploit summary: This Python script exploits a SQL injection vulnerability in TeamPass (CVE-2023-1545) by injecting malicious SQL queries into the login parameter of the API endpoint. It extracts user credentials by leveraging a UNION-based SQL injection technique and decoding JWT tokens.

Description

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

Exploits (5)

exploitdb WORKING POC
by Max Meyer - Rivendell · python, webapps, php
https://www.exploit-db.com/exploits/52094

This Python script exploits a SQL injection vulnerability in TeamPass (CVE-2023-1545) by injecting malicious SQL queries into the login parameter of the API endpoint. It extracts user credentials by leveraging a UNION-based SQL injection technique and decoding JWT tokens.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: TeamPass 2.1.24 and prior
No auth needed
Prerequisites: API feature enabled in TeamPass · Network access to the target TeamPass instance
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 1 stars
by zer0-dave · poc
https://github.com/zer0-dave/CVE-2023-1545-POC

This PoC exploits a SQL injection vulnerability in Teampass's API authorization endpoint to dump user credentials. It uses a UNION-based attack to extract usernames and password hashes from the database.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Teampass (version not specified)
No auth needed
Prerequisites: API feature enabled in Teampass · Network access to the target
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by gunzf0x · poc
https://github.com/gunzf0x/CVE-2023-1545

This is a functional SQL Injection PoC for CVE-2023-1545 targeting Teampass versions prior to 3.0.0.23. It exploits an authentication bypass via SQLi to extract user credentials from the database.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Teampass < 3.0.0.23
No auth needed
Prerequisites: Target URL running vulnerable Teampass instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by sternstundes · poc
https://github.com/sternstundes/CVE-2023-1545-POC-python

This PoC exploits a SQL injection vulnerability in Teampass via the API endpoint, allowing an attacker to extract user credentials by manipulating the login parameter. It demonstrates the ability to bypass authentication and dump user data.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Teampass (version not specified)
No auth needed
Prerequisites: API feature must be enabled on the target Teampass instance
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by HarshRajSinghania · poc
https://github.com/HarshRajSinghania/CVE-2023-1545-Exploit

This exploit leverages a SQL injection vulnerability in CVE-2023-1545 to extract user credentials from the teampass_users table. It bypasses authentication by injecting a UNION SELECT query and retrieves usernames and password hashes.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Teampass (version not specified)
No auth needed
Prerequisites: API feature enabled · Access to the /api/index.php/authorize endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.5
EPSS 0.1398
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (2)
nilsteampassnet/teampass 0 - 3.0.0.22 (Packagist)
teampass/teampass < 3.0.0.23
Published Mar 21, 2023
Tracked Since Feb 18, 2026