CVE-2023-3047

CRITICAL

TMT Lockcell < 15.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-3047. PoCs published by Phamchie, Kimsovannareth.

AI-analyzed exploit summary This repository provides a step-by-step guide on exploiting CVE-2023-3047, an SQL injection vulnerability in TMT Lockcell before version 15. It includes instructions for detecting the vulnerability and extracting database information using SQLi techniques.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection. This issue affects Lockcell: before 15.

Exploits (2)

nomisec WRITEUP 4 stars

by Phamchie · poc

https://github.com/Phamchie/CVE-2023-3047

View Code ZIP pw:eip

This repository provides a step-by-step guide on exploiting CVE-2023-3047, an SQL injection vulnerability in TMT Lockcell before version 15. It includes instructions for detecting the vulnerability and extracting database information using SQLi techniques.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: TMT Lockcell before 15

No auth needed

Prerequisites: Access to a vulnerable TMT Lockcell instance · cURL tool · Basic knowledge of SQL injection techniques

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec STUB 2 stars

by Kimsovannareth · poc

https://github.com/Kimsovannareth/Phamchie

View Code ZIP pw:eip

This repository is a stub containing only a README.md file with a link to another GitHub repository for CVE-2023-3047. No exploit code or technical details are provided.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory technical-description exploit

https://fordefence.com/cve-2023-3047-tmt-lockcell-sql-injection/

Third Party Advisory government-resource broken-link

https://www.usom.gov.tr/bildirim/tr-23-0345

Government Resource government-resource

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0345

Scores

CVSS v3 9.8

EPSS 0.0167

EPSS Percentile 73.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

TMT/Lockcell < 15

tmtmakine/lockcell_firmware < 15.0

Published Jun 13, 2023

Tracked Since Feb 18, 2026