Advisories

Online Voting System Project v1.0 - SQLi

9.8

Critical

Discovered by 

Andres Roldan

Andres Roldan

Offensive Team, Fluid Attacks

Summary

Full name

Online Voting System Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi)

Code name

Yo-Yo Ma

State

Public

Release date

Dec 7, 2023

Affected product

Online Voting System Project

Vendor

Projectworlds Pvt. Limited

Affected version(s)

Version 1.0

Vulnerability name

Unauthenticated SQL Injections (SQLi)

Vulnerability type

146. SQL Injection

Remotely exploitable

Yes

CVSS v3.0 vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v3.0 base score

9.8

Exploit available

Yes

CVE ID(s)

CVE-2023-48433, CVE-2023-48434

Description

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.

Vulnerabilities

CVE-2023-48433

The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:

CVE-2023-48434
The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
Our security policy
We have reserved the IDs CVE-2023-48433 and CVE-2023-48434 to refer to these issues from now on.
Disclosure policy
System Information
  • Version: Online Voting System Project v1.0
  • Operating System: Any
Mitigation
There is currently no patch available for this vulnerability.
References
Timeline
Vulnerability discovered
Nov 16, 2023
Vendor contacted
Nov 16, 2023
Public disclosure
Dec 7, 2023
Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.
Try for free
Contact sales
Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.
Try for free
Contact sales
Start your 21-day free trial
Discover the benefits of our Continuous Hacking solution, which organizations of all sizes are already enjoying.
Try for free
Contact sales
Plans
Advisories
EN
Contact sales
Log in
Try for free
EN
Contact sales
Try for free
Plans
Advisories
EN
Contact sales
Log in
Try for free
EN
Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
Products
Platform
SAST
DAST
SCA
CSPM
PTaaS
Secure code review
Reverse engineering
Solutions
Continuous Hacking
AppSec
Cloud security
ASPM
RBVM
SSCS
Compliance
DevSecOps
Targets
Web applications
Mobile applications
APIs and microservices
Containers
Infrastructure as code
Cloud infrastructure
Resources
Advisories
Blog
Downloadables
Cybersecurity essentials
Documentation
Courses on our platform
Company
About us
Clients
Certifications
Partners
Careers
SOC 2 Type II
SOC 3
Subscribe to our newsletter
Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.
Subscribe
© 2025 Fluid Attacks. We hack your software.
Terms of use
Privacy policy
System status
Cookie policy
Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
Products
Platform
SAST
DAST
SCA
CSPM
PTaaS
Secure code review
Reverse engineering
Solutions
Continuous Hacking
AppSec
Cloud security
ASPM
RBVM
SSCS
Compliance
DevSecOps
Targets
Web applications
Mobile applications
APIs and microservices
Containers
Infrastructure as code
Cloud infrastructure
Resources
Advisories
Blog
Downloadables
Cybersecurity essentials
Documentation
Courses on our platform
Company
About us
Clients
Certifications
Partners
Careers
SOC 2 Type II
SOC 3
Subscribe to our newsletter
Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.
Subscribe
© 2025 Fluid Attacks. We hack your software.
Terms of use
Privacy policy
System status
Cookie policy
Fluid Attacks' solutions enable organizations to identify, prioritize, and remediate vulnerabilities in their software throughout the SDLC. Supported by AI, automated tools, and pentesters, Fluid Attacks accelerates companies' risk exposure mitigation and strengthens their cybersecurity posture.
Products
Platform
SAST
DAST
SCA
CSPM
PTaaS
Secure code review
Reverse engineering
Solutions
Continuous Hacking
AppSec
Cloud security
ASPM
RBVM
SSCS
Compliance
DevSecOps
Targets
Web applications
Mobile applications
APIs and microservices
Containers
Infrastructure as code
Cloud infrastructure
Resources
Advisories
Blog
Downloadables
Cybersecurity essentials
Documentation
Courses on our platform
Company
About us
Clients
Certifications
Partners
Careers
SOC 2 Type II
SOC 3
Subscribe to our newsletter
Stay updated on our upcoming events and latest blog posts, advisories and other engaging resources.
Subscribe
© 2025 Fluid Attacks. We hack your software.
Terms of use
Privacy policy
System status
Cookie policy