Exploitation Summary
EIP tracks 2 public exploits for CVE-2023-31714. PoCs published by msd0pe, msd0pe-1.
AI-analyzed exploit summary: This exploit demonstrates a pre-authentication SQL injection vulnerability in Chitor-CMS v1.1.2. It allows an attacker to list databases, tables, and dump table contents via crafted SQL queries.
Description
Chitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.
Exploits (2)
This exploit demonstrates a pre-authentication SQL injection vulnerability in Chitor-CMS v1.1.2. It allows an attacker to list databases, tables, and dump table contents via crafted SQL queries.
This repository contains a functional SQL injection exploit for CVE-2023-31714, targeting Chitor-CMS versions before 1.1.2. The exploit demonstrates pre-authentication SQL injection via the `/add_school_class.php` and `/edit_school.php` endpoints, allowing database enumeration and data dumping.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H