CVE-2023-23162
CRITICAL
Art Gallery Management System Project 1.0 - SQL Injection via cid Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-23162. PoCs published by Rahul Patwari.
AI-analyzed exploit summary
This exploit demonstrates an unauthenticated SQL injection vulnerability in Art Gallery Management System Project v1.0 via the 'cid' parameter. The PoC includes manual SQLi techniques and SQLMap automation to dump database contents.
Description
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Rahul Patwari · text · webapps · php
https://www.exploit-db.com/exploits/51215
Classification
Working PoC 90%
Attack Type
SQLi
Complexity
Trivial
Reliability
Reliable
Target:
Art Gallery Management System Project v1.0
No auth needed
Prerequisites:
Access to the target web application · SQLMap for automated exploitation
devstral-2 · analyzed Feb 16, 2026
References (4)
Core References
Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/171643/Art-Gallery-Management-System-Project-1.0-SQL-Injection.html
Exploit, Third Party Advisory
https://github.com/rahulpatwari/CVE/blob/main/CVE-2023-23162/CVE-2023-23162.txt
Scores
CVSS v3
9.8
EPSS
0.0438
EPSS Percentile
90.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpgurukul/art_gallery_management_system
1.0
Published
Feb 10, 2023
Tracked Since
Feb 18, 2026