CVE-2023-27112
Published: 21 January 2025
Description
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.
Security Summary
CVE-2023-27112 is a SQL injection vulnerability (CWE-89) affecting pearProjectApi version 2.8.10. The issue resides in the projectCode parameter within the project.php endpoint, allowing malicious SQL queries to be injected and executed against the backend database. Published on 2025-01-21, it carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility and high impact potential.
The vulnerability can be exploited by unauthenticated remote attackers over the network with low complexity and no user interaction required (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation grants high confidentiality, integrity, and availability impacts (C:H/I:H/A:H), enabling attackers to extract sensitive data, modify database contents, execute arbitrary SQL commands, or disrupt service availability.
Mitigation details are available in the GitHub issue at https://github.com/a54552239/pearProjectApi/issues/32, which documents the discovery and may include patch information or workarounds for affected deployments.
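The root cause class (CWE-89) and the fix are easiest to see side by side. The following is an added illustration, not code from pearProjectApi; the page does not show the actual project.php handler, so the function names, table layout, query shape and the allowlist rule for a project code are all assumed. It runs stand-alone against an in-memory SQLite database with constructed sample rows.

```php
<?php
// Added illustration, not pearProjectApi code. The real project.php handler is
// not on the page; names, schema and the projectCode format below are assumed.

// Vulnerable pattern: the user-controlled projectCode is concatenated into the
// SQL text, so the database parses whatever the client sends as query syntax
// (CWE-89). This mirrors the flaw class described in the advisory.
function getProjectUnsafe(PDO $db, string $projectCode): ?array
{
    $sql = "SELECT id, name FROM project WHERE code = '" . $projectCode . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened form: a prepared statement keeps data separate from query
// structure, and an allowlist check rejects values that cannot be a project
// code before the database is involved at all.
function getProjectSafe(PDO $db, string $projectCode): ?array
{
    // Assumed format for a project code; adjust to the application's real rule.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $projectCode)) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM project WHERE code = :code');
    $stmt->execute([':code' => $projectCode]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration with constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE project (id INTEGER PRIMARY KEY, code TEXT NOT NULL, name TEXT NOT NULL)');
$db->exec("INSERT INTO project (code, name) VALUES ('demo', 'Demo project'), ('internal', 'Internal')");

// A well-formed code works identically in both versions.
var_dump(getProjectSafe($db, 'demo'));

// A value containing a quote character: in the unsafe version it changes the
// query's structure (here surfacing as a SQL syntax error thrown by PDO);
// in the safe version it is rejected by the allowlist and never reaches SQL.
$hostile = "demo'";
try {
    var_dump(getProjectUnsafe($db, $hostile));
} catch (PDOException $e) {
    echo "unsafe query broke on quote character: " . $e->getMessage() . PHP_EOL;
}
var_dump(getProjectSafe($db, $hostile)); // NULL
```

The allowlist is a defence-in-depth layer, not the fix: the prepared statement alone already prevents the parameter from altering query structure, and the pattern applies unchanged to MySQL or any other PDO driver. Reviewing a codebase for this class of issue means locating every place a request parameter is spliced into a query string and replacing it with a bound parameter.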
Details
- CWE(s)