CVE-2023-40852

CRITICAL

User Registration & Login and User Management System With Admin Panel 3.0 - SQL Injection via Admin Username Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-40852. PoCs published by Ashutosh Singh Umath.

AI-analyzed exploit summary: This is a writeup describing an unauthenticated SQL injection vulnerability in User Registration & Login and User Management System v3.0. It provides steps to bypass admin authentication and suggests using sqlmap for further exploitation.

Description

SQL injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via a crafted string in the admin username field on the admin login page.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ashutosh Singh Umath · text · webapps · php
https://www.exploit-db.com/exploits/51695


Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: User Registration & Login and User Management System v3.0
No auth needed
Prerequisites: Access to the admin login page
devstral-2 · analyzed Feb 16, 2026

References (1)

Core 1
Core References
Exploit, Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/51695

Scores

CVSS v3 9.8
EPSS 0.0007
EPSS Percentile 22.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
user_registration_\&_login_and_user_management_system_with_admin_panel_project/user_registration_\&_login_and_user_management_system_with_admin_panel 3.0
Published Oct 16, 2023
Tracked Since Feb 18, 2026