CVE-2023-34635

CRITICAL

Wifi Soft Unibox Administration 3.0-3.1 - SQL Injection via Login Username Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34635. PoCs published by Ansh Jain.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Wifi Soft Unibox Administration 3.0 and 3.1, allowing unauthenticated admin access via a crafted payload in the username field.

Description

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.

Exploits (1)

exploitdb WORKING POC

by Ansh Jain · textwebappsphp

https://www.exploit-db.com/exploits/51610

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Wifi Soft Unibox Administration 3.0 and 3.1, allowing unauthenticated admin access via a crafted payload in the username field.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Wifi Soft Unibox Administration 3.0 & 3.1

No auth needed

Prerequisites: Access to the login page of the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/173669/Wifi-Soft-Unibox-Administration-3.0-3.1-SQL-Injection.html

Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/51610

Scores

CVSS v3 9.8

EPSS 0.0208

EPSS Percentile 79.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

wifi-soft/unibox_administration 3.0

wifi-soft/unibox_administration 3.1

Published Jul 31, 2023

Tracked Since Feb 18, 2026