CVE-2023-53926 — CRITICAL (9.8)

Vulnerability Description

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phpjabbers	Simple Cms	5.0

Related Weaknesses (CWE)

CWE-89

References

https://www.exploit-db.com/exploits/51416ExploitThird Party AdvisoryVDB Entry
https://www.phpjabbers.com/faq.phpProduct
https://www.vulncheck.com/advisories/phpjabbers-simple-cms-sql-injection-via-colThird Party Advisory

FAQ

What is CVE-2023-53926?

CVE-2023-53926 is a vulnerability with a CVSS score of 9.8 (CRITICAL). PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads throug...

How severe is CVE-2023-53926?

CVE-2023-53926 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-53926?

Check the references section above for vendor advisories and patch information. Affected products include: Phpjabbers Simple Cms.