CVE-2023-31433

HIGH

Logbuch <8.2.2286, <9.0.2401 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-31433. PoCs published by trustcves.

AI-analyzed exploit summary: This is a detailed technical writeup discussing an SQL injection vulnerability in Evasys Logbuch (CVE-2023-31433). It includes proof-of-concept HTTP requests demonstrating UNION-based SQLi, error-based detection, and screenshots of successful data exfiltration.

Description

A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter.

Exploits (1)

nomisec WRITEUP 1 stars
by trustcves · poc
https://github.com/trustcves/CVE-2023-31433

Classification: Writeup 100%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Evasys v8.2 Build 2275-2285 and v9.0 Build 2400
Auth required
Prerequisites: Authenticated access to the Evasys Logbuch component
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://cves.at/posts/cve-2023-31433/writeup/

Scores

CVSS v3 8.8
EPSS 0.0093
EPSS Percentile 55.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-89
Status published
Products (2)
evasys/evasys 8.2
evasys/evasys 9.0
Published May 02, 2023
Tracked Since Feb 18, 2026