CVE-2023-45503

MEDIUM

Macs CMS 1.1.4f - SQL Injection via Multiple Endpoints

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45503. PoCs published by ally-petitt.

AI-analyzed exploit summary

This repository provides a detailed technical analysis of CVE-2023-45503, a SQL injection vulnerability in Macrob7 Macs CMS versions 1.1.4f and prior. It includes code snippets and a breakdown of the vulnerable functions, demonstrating a clear understanding of the root cause.

Description

SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payloads to the resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, allowComment, and addComment endpoints.

Exploits (1)

nomisec WRITEUP
by ally-petitt · poc
https://github.com/ally-petitt/CVE-2023-45503

Classification: Writeup 100%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Macrob7 Macs CMS 1.1.4f and prior
Authentication: No auth needed
Prerequisites: Access to affected endpoints · Ability to send crafted HTTP requests
Analyzed by devstral-2 · Feb 18, 2026

Scores

CVSS v3 5.3
EPSS 0.0091
EPSS Percentile 55.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
macs_cms_project/macs_cms 1.1.4f
Published Apr 15, 2024
Tracked Since Feb 18, 2026