CVE-2023-50035

CRITICAL

Small CRM 3.0 - SQL Injection via Users Login Panel Password Parameter

Title source: llm
STIX 2.1

Description

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.

References (1)

Core 1

Scores

CVSS v3 9.8
EPSS 0.0063
EPSS Percentile 45.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
small_crm_project/small_crm 3.0
Published Dec 29, 2023
Tracked Since Feb 18, 2026