Exploitation Summary
EIP tracks 1 public exploit for CVE-2023-54340. PoCs published by Chokri Hammedi.
AI-analyzed exploit summary: This exploit demonstrates SQL injection vulnerabilities in WorkOrder CMS 0.1.0, including authentication bypass and various SQLi techniques (error-based, stacked queries, and time-based blind). It provides payloads for exploiting the login mechanism via the `userName` and `password` parameters.
Description
WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like `OR '1'='1'` and stacked queries to access database information or execute administrative commands.
Exploits (1)
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N