Cyber Resilience

CVE-2023-51810

HighPublic PoC

Published: 16 January 2024

Published
16 January 2024
Modified
20 June 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0618 91.0th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-51810 is a high-severity SQL Injection (CWE-89) vulnerability in Stackideas Easydiscuss. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-51810 is a SQL injection vulnerability affecting StackIdeas EasyDiscuss version 5.0.5 in the search parameter of the Users module. The flaw, assigned CWE-89, permits extraction of sensitive information and carries a CVSS 3.1 score of 7.5 reflecting network-accessible exploitation with no required authentication or user interaction. The issue was resolved in version 5.0.10.

Unauthenticated remote attackers can supply a crafted request to the affected search parameter and retrieve sensitive data from the underlying database. Because the vector requires no credentials or special privileges, any internet-facing EasyDiscuss installation running the vulnerable release is exposed.

The product was updated to 5.0.10 to correct the injection flaw. Public references include the vendor sites easydiscuss.com and stackideas.com along with a proof-of-concept repository on GitHub.

EPSS remains flat at 0.0618 with no material increase after disclosure. Public exploit code is available, but no evidence of in-the-wild exploitation is provided in the supplied data.

EU & UK References

Vulnerability details

SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases Collection
Adversaries may leverage databases to mine valuable information.
Why these techniques?

The SQL injection vulnerability in a public-facing Joomla component (EasyDiscuss users search) enables exploitation of public-facing applications (T1190) and facilitates collection of sensitive data from databases (T1213.006) via blind SQLi payloads.

Affected Assets

stackideas
easydiscuss
5.0.5 — 5.0.10

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-89

Penetration testing uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses.

addresses: CWE-89

Validates query inputs to prevent SQL syntax or command manipulation.

References