216.73.216.86

CVE-2023-53917

· Published 17/12/2025 23:15 · Modified 18/12/2025 19:16

Labels: CVE-2023-53917 2025-12-17CVE-2023-53917[email protected]

Essential information

Published
17/12/2025 23:15
Modified
18/12/2025 19:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames and password hashes.

NVD status

Status
Undergoing Analysis — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

References