CVE-2023-45657

HIGH

POSIMYTH Nexter <= 2.0.3 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-45657. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2023-45657, an authenticated SQL injection vulnerability in the Nexter WordPress theme. The exploit automates authentication, retrieves a nonce, and uses sqlmap to exploit the vulnerability via the 'to' parameter.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection. This issue affects Nexter: from n/a through 2.0.3.

Exploits (1)

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2023-45657

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Nexter WordPress theme <= 2.0.3
Auth required
Prerequisites: Valid WordPress credentials (Subscriber+) · Nexter theme <= 2.0.3 installed · sqlmap installed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.5
EPSS 0.0128
EPSS Percentile 66.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-89
Status published
Products (3)
POSIMYTH/Nexter < 2.0.3
posimyth/nexter < 2.0.4
posimyththemes/Nexter < 2.0.3
Published Nov 06, 2023
Tracked Since Feb 18, 2026