CVE-2023-54340

HighPublic PoC

Published: 13 January 2026

Published

13 January 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score 0.0017 37.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or…

execute administrative commands.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of information inputs such as username and password parameters, directly preventing SQL injection exploitation like OR '1'='1' or stacked queries.

SI-2 Flaw Remediation good match

prevent

SI-2 requires identification, reporting, and correction of flaws, ensuring timely remediation of the specific SQL injection vulnerability in WorkOrder CMS 0.1.0 login functionality.

RA-5 Vulnerability Monitoring and Scanning good match

detect

RA-5 requires vulnerability scanning that would detect SQL injection flaws in login forms, enabling proactive mitigation before exploitation.

Security SummaryAI

CVE-2023-54340 is a SQL injection vulnerability (CWE-89) affecting WorkOrder CMS version 0.1.0. The flaw resides in the login functionality, where the username and password parameters are vulnerable to manipulation, enabling attackers to inject malicious SQL queries such as 'OR 1=1' or stacked queries. Published on 2026-01-13, it carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), indicating high confidentiality impact with low attack complexity.

Unauthenticated remote attackers can exploit this vulnerability to bypass login authentication without user interaction. Successful exploitation allows extraction of sensitive database information or execution of administrative commands, potentially leading to unauthorized data access or control over the application.

Advisories and related resources, including the WorkOrder CMS GitHub repository (https://github.com/romzes13/WorkOrderCMS), an Exploit-DB proof-of-concept (https://www.exploit-db.com/exploits/51038), and a VulnCheck advisory (https://www.vulncheck.com/advisories/workorder-cms-sql-injection), document the issue and exploitation details for security practitioners to review potential mitigations such as input sanitization or upgrades.

Details

CWE(s): CWE-89

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

T1190 directly matches exploitation of a public-facing web application via SQL injection. T1213.006 is facilitated by the ability to extract sensitive database information post-authentication bypass.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/romzes13/WorkOrderCMS
disclosure@vulncheck.com
https://www.exploit-db.com/exploits/51038
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/workorder-cms-sql-injection
disclosure@vulncheck.com