CVE-2023-53734

HIGH

dawa-pharma 1.0-2022 - Unauthenticated SQL Injection via Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53734. PoCs published by nu11secur1ty.

AI-analyzed exploit summary: This is a writeup describing SQL injection vulnerabilities in dawa-pharma-1.0-2022, specifically targeting the email parameter with boolean-based and time-based blind SQLi techniques. It includes payload examples and references to external resources.

Description

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, giving them access to sensitive information and potentially administrative access.

Exploits (1)

exploitdb WRITEUP
by nu11secur1ty · text · webapps · php
https://www.exploit-db.com/exploits/51818


Classification: Writeup 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: dawa-pharma-1.0-2022
No auth needed
Prerequisites: Access to the vulnerable application · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v4: 8.7
EPSS: 0.0028
EPSS Percentile: 52.2%
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): mayurik/dawa-pharma 1.0-2022
Published: Dec 04, 2025
Tracked Since: Feb 18, 2026