CVE-2023-53975

HIGH

Atom CMS 2.0 - SQL Injection

Title source: llm

Description

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.

Exploits (1)

exploitdb WORKING POC
by Hubert Wojciechowski · text · webapps · php
https://www.exploit-db.com/exploits/51086

Scores

CVSS v3 7.5
EPSS 0.0014
EPSS Percentile 33.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-89
Status published
Products (2)
thedigicraft/Atom CMS 2.0
thedigitalcraft/atomcms 2.0
Published Dec 22, 2025
Tracked Since Feb 18, 2026