CVE-2023-53975
Unknown Unknown - Not Provided
Unauthenticated SQL Injection in Atom CMS 2.0 Admin Module

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: VulnCheck

Description
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53975
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
atom_cms atom_cms 2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53975 is an unauthenticated SQL injection vulnerability in Atom CMS version 2.0. It occurs because the 'id' parameter on the admin index page does not properly validate input, allowing remote attackers to inject malicious SQL code. This enables time-based blind SQL injection attacks, where attackers can manipulate database queries without needing to authenticate, potentially executing arbitrary SQL commands. [2, 3]

Impact Analysis

This vulnerability can allow attackers to remotely manipulate the database of Atom CMS without authentication. They can execute arbitrary SQL commands, potentially leading to unauthorized data access, data manipulation, or denial of service by causing delayed server responses. The impact includes high confidentiality and integrity risks, as attackers can extract sensitive information or alter data. [2, 3]

Detection Guidance

This vulnerability can be detected by testing the 'id' parameter (and other parameters like 'email', 'slug', 'status', 'user') in the admin index page for time-based blind SQL injection. A common detection method is to send a request with a payload that causes a delay, such as using the SQL sleep() function. For example, sending a POST request to `/Atom.CMS-master/admin/index.php?page=users&id=(select*from(select(sleep(10)))a)` and observing if the server response is delayed by about 10 seconds indicates the presence of the vulnerability. [3]

Mitigation Strategies

Immediate mitigation steps include updating Atom CMS to version 2.1 or later, which contains security patches addressing this and other vulnerabilities. Additionally, restricting access to the admin interface, implementing input validation and sanitization on all parameters, and monitoring for suspicious requests targeting the 'id' and related parameters can help reduce risk until the update is applied. [1]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53975. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart