CRITICAL🇵🇱 Wersja polska

CVE-2023-44755

CVSS 9.8v3.1pub. 2025-04-22upd. 2025-06-19

Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.

🤖 AI Analysis
How it works

The application does not properly validate or filter input data passed in the password parameter during database queries. An attacker can inject malicious SQL code directly into the query executed by the /sacco/ajax.php endpoint. This allows manipulation of database query logic without needing authentication.

Impact

An attacker can gain unauthorized access to data stored in the database, including confidential and authentication data, and in certain configurations may also modify or delete data and potentially take control of the database system.

Mitigation & patch

Apply patches available from the vendor according to references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and strict server-side input validation. Until the patch is applied, it is recommended to restrict access to the /sacco/ajax.php endpoint at the firewall or WAF level.

Who is affected

Mayurik Sacco Management System v1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mayurik Sacco Management System

    APP
    Mayurik
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-60316CRITICAL9.4PL ✓ten sam vendor

SQL Injection w Pet Grooming Management Software via parametr ID

CVE-2025-1872CRITICAL9.3PL ✓ten sam vendor

SQL Injection w 101news — parametr sadminusername w panelu admina

CVE-2025-1869CRITICAL9.3PL ✓ten sam vendor

SQL Injection w 101news — podatność w parametrze 'username'

CVE-2025-1870CRITICAL9.3PL ✓ten sam vendor

SQL Injection w 101news (Mayurik Best Online News Portal) via parametr pagedescription

CVE-2025-1871CRITICAL9.3PL ✓ten sam vendor

SQL Injection w 101news – parametry category i subcategory