Cyber Posture

CVE-2023-27113

Critical · Public PoC

Published: 21 January 2025

Modified: 30 May 2025
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (44.2th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php.

Security Summary

CVE-2023-27113 is a SQL injection vulnerability (CWE-89) affecting pearProjectApi version 2.8.10. The issue arises via the organizationCode parameter in the project.php component, enabling malicious SQL payloads to be injected and executed. Published on 2025-01-21, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for widespread impact.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low attack complexity. Successful exploitation allows arbitrary SQL query execution, granting high-impact access to confidential data, modification of database contents, and disruption of service availability.

Mitigation details are available in the GitHub issue at https://github.com/a54552239/pearProjectApi/issues/31, which serves as the primary advisory reference for this CVE.

Details

CWE(s): CWE-89

Affected Products

Vendor: a54552239
Product: pearprojectapi
Version: 2.8.10

References