CVE-2023-53975

HIGH

Atom CMS 2.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-53975. PoCs published by Hubert Wojciechowski.

AI-analyzed exploit summary This exploit demonstrates a time-based SQL injection vulnerability in Atom CMS v2.0, specifically targeting the 'id' parameter in the admin panel. The PoC uses a crafted POST request with a sleep-based payload to confirm the vulnerability without requiring authentication.

Description

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.

Exploits (1)

exploitdb WORKING POC
by Hubert Wojciechowski · textwebappsphp
https://www.exploit-db.com/exploits/51086

This exploit demonstrates a time-based SQL injection vulnerability in Atom CMS v2.0, specifically targeting the 'id' parameter in the admin panel. The PoC uses a crafted POST request with a sleep-based payload to confirm the vulnerability without requiring authentication.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Atom CMS v2.0
No auth needed
Prerequisites: Access to the admin panel URL · Network connectivity to the target
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit
https://www.exploit-db.com/exploits/51086

Scores

CVSS v3 7.5
EPSS 0.0040
EPSS Percentile 32.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (2)
thedigicraft/Atom CMS 2.0
thedigitalcraft/atomcms 2.0
Published Dec 22, 2025
Tracked Since Feb 18, 2026