CVE-2023-2215

MEDIUM EXPLOITED

Campcodes Coffee Shop POS System 1.0 - SQL Injection via Manage User ID Parameter

Title source: llm

Exploitation Summary

CVE-2023-2215 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including zwxxb.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-2215, an authentication bypass vulnerability in Atlassian Confluence. The PoC automates the process of resetting the setup status, creating an admin account, and verifying successful exploitation.

Description

A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980.

Exploits (1)

nomisec WORKING POC 4 stars

by zwxxb · remote

https://github.com/zwxxb/CVE-2023-2215

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-2215, an authentication bypass vulnerability in Atlassian Confluence. The PoC automates the process of resetting the setup status, creating an admin account, and verifying successful exploitation.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Atlassian Confluence

No auth needed

Prerequisites: Network access to the target Confluence instance

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Permissions Required, Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.226980

Permissions Required, Third Party Advisory, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.226980

Exploit, Third Party Advisory exploit

https://github.com/E1CHO/cve_hub/blob/main/Coffee%20Shop%20POS%20System/Coffee%20Shop%20POS%20System%20-%20vuln%207.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0164

EPSS Percentile 73.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2024-06-26

CWE

CWE-89

Status published

Products (1)

coffee_shop_pos_system_project/coffee_shop_pos_system 1.0

Published Apr 21, 2023

Tracked Since Feb 18, 2026