Cyber Resilience

CVE-2023-4974

Severity: Medium · Public PoC

Published: 15 September 2023
Modified: 21 November 2024
KEV Added: none
Patch: none
CVSS v3.1 score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS score: 0.4107 (97.5th percentile)
Risk Priority: 37 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-4974 is a medium-severity SQL injection (CWE-89) vulnerability in Creativeitem Academy LMS. Its CVSS base score is 6.3 (Medium).

Operationally, it ranks in the top 2.5% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-4974 is a SQL injection vulnerability, rated critical by VulDB, in Academy LMS version 6.2. It resides in the GET parameter handler of the /academy/tutor/filter endpoint, where the price_min and price_max arguments reach backend queries without sanitization, allowing arbitrary SQL to be injected.

An attacker with low-privileged but authenticated access can launch the attack remotely over the network. Successful exploitation yields limited impact on confidentiality, integrity, and availability within the affected database context, consistent with the CVSS 6.3 vector (low privileges required, no user interaction, unchanged scope).

Public references consist of a Packet Storm proof-of-concept and multiple VulDB entries; the vendor was notified prior to disclosure but issued no response or patch. The associated EPSS score peaked at 0.4795 after publication, indicating measurable post-disclosure exploitation interest that warrants monitoring.


Vulnerability details

A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to SQL injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.


Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: creativeitem
Product: academy lms
Version: 6.2

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-89: Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.
- Addresses CWE-89: Validates query inputs to prevent SQL syntax or command manipulation.
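Added example, not code from Academy LMS (which is a PHP application): a language-neutral Python sketch of the weakness behind CVE-2023-4974 and of the input-validation control listed above. The unsafe builder splices raw price_min/price_max GET values into SQL text; the hardened filter validates them as non-negative decimals and passes them as bound parameters. The course table, its prices, and the parameter names on the request are constructed sample data, and the schema is hypothetical.

```python
import sqlite3
from decimal import Decimal, InvalidOperation
from typing import Optional

# Constructed sample rows standing in for the LMS course table (hypothetical schema).
SAMPLE_COURSES = [
    ("Intro to Python", "9.99"),
    ("Advanced SQL", "49.00"),
    ("Security Basics", "0"),
    ("Data Science", "120.50"),
]


def build_sample_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE course (title TEXT, price REAL)")
    conn.executemany("INSERT INTO course VALUES (?, ?)",
                     [(t, float(p)) for t, p in SAMPLE_COURSES])
    return conn


def unsafe_filter_sql(params: dict) -> str:
    """The vulnerable pattern: raw GET values become part of the SQL text."""
    return ("SELECT title, price FROM course WHERE price >= "
            + params.get("price_min", "0")
            + " AND price <= " + params.get("price_max", "999999"))


def parse_price(raw: Optional[str], default: Decimal) -> Decimal:
    """Accept only a short, plain, non-negative decimal; reject everything else."""
    if raw is None or raw == "":
        return default
    if len(raw) > 12 or not all(c in "0123456789." for c in raw):
        raise ValueError(f"invalid price value: {raw!r}")
    try:
        value = Decimal(raw)
    except InvalidOperation:
        raise ValueError(f"invalid price value: {raw!r}")
    if value < 0:
        raise ValueError("price must be non-negative")
    return value


def safe_filter(conn: sqlite3.Connection, params: dict) -> list:
    """Hardened handler: validated values travel as bound parameters, never as SQL."""
    lo = parse_price(params.get("price_min"), Decimal("0"))
    hi = parse_price(params.get("price_max"), Decimal("999999"))
    if lo > hi:
        raise ValueError("price_min exceeds price_max")
    return conn.execute(
        "SELECT title, price FROM course WHERE price >= ? AND price <= ? ORDER BY price",
        (float(lo), float(hi))).fetchall()


def rejects(conn: sqlite3.Connection, params: dict) -> bool:
    """True when the hardened handler refuses the request instead of querying."""
    try:
        safe_filter(conn, params)
    except ValueError:
        return True
    return False
```

The same validate-then-bind shape applies to any numeric range filter; the key property is that the database driver, not the application, decides how the values are quoted.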
