CVE-2023-53917

MEDIUM

Affiliate Me <5.0.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53917. PoCs published by h4ck3r.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Affiliate Me Version 5.0.1, allowing an attacker to extract sensitive user information, including usernames and passwords, by manipulating the 'id' parameter in the admin.php script.

Description

Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames and password hashes.

Exploits (1)

exploitdb WORKING POC
by h4ck3r · text · webapps · php
https://www.exploit-db.com/exploits/51468

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Affiliate Me 5.0.1
Auth required
Prerequisites: Access to an admin account · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/51468

Scores

CVSS v3 6.5
EPSS 0.0031
EPSS Percentile 22.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-89
Status published
Products (2)
powerstonegh/Affiliate Me 5.0.1
powerstonegh/affiliate_me 5.0.1
Published Dec 17, 2025
Tracked Since Feb 18, 2026