CVE-2023-2073

HIGH 7.3 (CVSS 3.1)
2023-04-14 [email protected]

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

Analysis Generated: Mar 17, 2026 - 20:45 (vuln.today)
PoC Detected: Mar 17, 2026 - 19:58 (vuln.today), public exploit code
CVE Published: Apr 14, 2023 - 19:15 (nvd), HIGH 7.3

Description (NVD)

A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051.

Analysis (AI)

A critical SQL injection vulnerability exists in the Login.php file of Campcodes Online Traffic Offense Management System 1.0, specifically in the handling of the password parameter. The vulnerability allows remote attackers to bypass authentication and manipulate database queries without requiring any privileges or user interaction. A public proof-of-concept exploit is available on GitHub, though the EPSS score of 0.07% (20th percentile) indicates a relatively low estimated likelihood of exploitation in the wild.

Technical Context (AI)

This vulnerability affects the Campcodes Online Traffic Offense Management System version 1.0 (CPE: cpe:2.3:a:campcodes:online_traffic_offense_management_system:1.0:*:*:*:*:*:*:*), a PHP-based web application for managing traffic violations. The root cause is CWE-89 (SQL Injection), where user-supplied input in the password parameter of /classes/Login.php is not properly sanitized or parameterized before being used in SQL queries. This classic injection flaw allows attackers to inject malicious SQL commands through the authentication mechanism, bypassing input validation and potentially executing arbitrary database operations including authentication bypass, data extraction, modification, or deletion.

Remediation (AI)

No official patch or updated version has been identified in the available references for this vulnerability. Organizations running Campcodes Online Traffic Offense Management System 1.0 should immediately implement compensating controls: deploy a web application firewall (WAF) with SQL injection signatures to filter malicious input to /classes/Login.php; implement strict input validation and parameterized queries in the authentication code; restrict network access to the application to trusted IP ranges only; and conduct a thorough code review of all database query implementations to identify and remediate similar SQL injection vulnerabilities. If the application is not business-critical, consider decommissioning it entirely given the lack of vendor support and available security updates. Monitor the VulDB entry at https://vuldb.com/?id.226051 for any future patch announcements.
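
The parameterized-query remediation above, sketched as an added example: this is not the Campcodes source, which this page does not show. The `users` table, its columns, and both function names are assumptions, as is the use of `password_hash()` for stored credentials.

```php
<?php
declare(strict_types=1);

// Added illustration, not the Campcodes source: the `users` table, its
// columns (id, username, password) and both function names are assumed.

// Vulnerable pattern (CWE-89): the password value is spliced into the SQL
// text, so a quote character in it changes the structure of the query.
function login_concatenated(mysqli $db, string $username, string $password): ?int
{
    $sql = "SELECT id FROM users WHERE username = '" . $username
         . "' AND password = '" . $password . "'";
    $result = $db->query($sql);
    $row = $result ? $result->fetch_assoc() : null;
    return $row ? (int) $row['id'] : null;
}

// Hardened form: the statement text is fixed and the username travels as a
// bound parameter; the password never reaches the SQL layer at all.
function login_parameterized(mysqli $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = ? LIMIT 1');
    if ($stmt === false) {
        return null;                       // fail closed if mysqli reports errors by return value
    }
    $stmt->bind_param('s', $username);     // 's' = bind as string
    $stmt->execute();
    $stmt->bind_result($id, $storedHash);
    $found = $stmt->fetch();               // true, or null when no row matched
    $stmt->close();

    // Assumes `password` holds a password_hash() value; password_verify()
    // compares in constant time and returns false for malformed hashes.
    if ($found !== true || !password_verify($password, (string) $storedHash)) {
        return null;
    }
    return (int) $id;
}
```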
