CVE-2023-34635

CRITICAL

Wifi-soft Unibox Administration - SQL Injection

Title source: rule

Description

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.

Exploits (1)

exploitdb WORKING POC

by Ansh Jain · textwebappsphp

https://www.exploit-db.com/exploits/51610

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/173669/Wifi-Soft-Unibox-Administration-3.0-3.1-SQL-Injection.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51610

Scores

CVSS v3 9.8

EPSS 0.0019

EPSS Percentile 40.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (2)

wifi-soft/unibox_administration 3.0

wifi-soft/unibox_administration 3.1

Published Jul 31, 2023

Tracked Since Feb 18, 2026