CVE-2023-3047

CRITICAL

TMT Lockcell <15 - SQL Injection

Title source: llm

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.

Exploits (2)

nomisec WRITEUP 4 stars

by Phamchie · poc

https://github.com/Phamchie/CVE-2023-3047

View Code ZIP pw:eip

nomisec STUB 2 stars

by Kimsovannareth · poc

https://github.com/Kimsovannareth/Phamchie

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://fordefence.com/cve-2023-3047-tmt-lockcell-sql-injection/

[Third Party Advisory] https://www.usom.gov.tr/bildirim/tr-23-0345

Scores

CVSS v3 9.8

EPSS 0.0878

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

tmtmakine/lockcell_firmware < 15.0

Published Jun 13, 2023

Tracked Since Feb 18, 2026