CVE-2023-3163

LOW

RuoYi < 4.7.7 - Uncontrolled Resource Consumption via filterKeyword Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-3163. PoCs published by George0Papasotiriou.

AI-analyzed exploit summary This repository provides a simple method to check if SQL Developer by Oracle is vulnerable to SQL Injection (CVE-2023-3163) by running SQL scripts. It is designed to detect potential SQL injection vulnerabilities in versions prior to 23.1.0.

Description

A vulnerability was found in y_project RuoYi up to 4.7.7. It has been classified as problematic. Affected is the function filterKeyword. The manipulation of the argument value leads to resource consumption. VDB-231090 is the identifier assigned to this vulnerability.

Exploits (1)

nomisec SCANNER 4 stars
by George0Papasotiriou · poc
https://github.com/George0Papasotiriou/CVE-2023-3163-SQL-Injection-Prevention

This repository provides a simple method to check if SQL Developer by Oracle is vulnerable to SQL Injection (CVE-2023-3163) by running SQL scripts. It is designed to detect potential SQL injection vulnerabilities in versions prior to 23.1.0.

Classification
Scanner 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Oracle SQL Developer < 23.1.0
Auth required
Prerequisites: Access to SQL Developer Database · SQL Developer version prior to 23.1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Permissions Required vdb-entry technical-description
https://vuldb.com/?id.231090
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.231090

Scores

CVSS v3 3.5
EPSS 0.0053
EPSS Percentile 67.5%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE
CWE-400 CWE-89
Status published
Products (2)
com.ruoyi/ruoyi 0Maven
ruoyi/ruoyi < 4.7.7
Published Jun 08, 2023
Tracked Since Feb 18, 2026