CVE-2023-33584

CRITICAL

Sourcecodester Enrollment System Project V1.0 - SQL Injection

Title source: llm

Description

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.

Exploits (1)

exploitdb WRITEUP VERIFIED

by VIVEK CHOUDHARY · textwebappsphp

https://www.exploit-db.com/exploits/51501

View Code ZIP pw:eip

References (5)

[Various Sources] https://github.com/sudovivek/My-CVE/blob/main/CVE-2023-33584_exploit.md

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/172718/Enrollment-System-Project-1.0-Authentication-Bypass-SQL-Injection.html

[Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/cve/CVE-2023-33584

[Product] https://www.sourcecodester.com/php/14444/enrollment-system-project-source-code-using-phpmysql.html

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51501

Scores

CVSS v3 9.8

EPSS 0.3065

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

enrollment_system_project/enrollment_system 1.0

Published Jun 21, 2023

Tracked Since Feb 18, 2026