Home

Description

dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.

PUBLISHED Reserved 2025-12-04 | Published 2025-12-04 | Updated 2025-12-05 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

1.0-2022
affected

Credits

nu11secur1ty finder

References

www.exploit-db.com/exploits/51818 (ExploitDB-51818) exploit

www.mayurik.com/...t-pharmacy-billing-software-free-download (Mayuri K Pharmacy Billing Software) product

github.com/...ain/vendors/mayuri_k/2022/dawa-pharma-1.0-2022 (GitHub Repository for CVE-nu11secur1ty) product issue-tracking

www.nu11secur1ty.com/ (nu11secur1ty Home Page) product

www.vulncheck.com/...ma-10-sql-injection-via-email-parameter third-party-advisory

cve.org (CVE-2023-53734)

nvd.nist.gov (CVE-2023-53734)