CVE-2023-31714

This exploit demonstrates a pre-authentication SQL injection vulnerability in Chitor-CMS v1.1.2. It allows an attacker to list databases, tables, and dump table contents via crafted SQL queries.

This repository contains a functional SQL injection exploit for CVE-2023-31714, targeting Chitor-CMS versions before 1.1.2. The exploit demonstrates pre-authentication SQL injection via the `/add_school_class.php` and `/edit_school.php` endpoints, allowing database enumeration and data dumping.