CVE-2023-34635
Description
Unibox Administration 3.0 and 3.1 login page SQL injection via unsanitized username field allows admin authentication bypass.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unibox Administration 3.0 and 3.1 login page SQL injection via unsanitized username field allows admin authentication bypass.
Vulnerability
The Wifi Soft Unibox Administration login page in versions 3.0 and 3.1 is vulnerable to SQL injection in the username field. The application fails to validate or sanitize user input before passing it directly to the backend database, allowing an attacker to inject arbitrary SQL queries [1]. The vulnerability is reachable without prior authentication, as it resides in the login functionality.
Exploitation
An attacker needs only network access to the login page. The steps are: (1) navigate to the login page and confirm the version is 3.0 or 3.1; (2) enter the payload 'or 1=1 limit 1-- - into the username field, provide any random password, and solve the CAPTCHA; (3) submit the form. The injected SQL statement bypasses authentication by always returning a valid user row, logging the attacker in as an administrator [1].
Impact
Successful exploitation grants the attacker full administrative access to the Unibox Administration panel. From that privileged position, the attacker can view all user data, modify records, and revoke access rights, leading to a complete compromise of confidentiality, integrity, and availability of the hotspot management system [1].
Mitigation
No official patch or fixed version has been disclosed in the available references [1]. Users are advised to restrict network access to the login page, apply input validation at the application level, or contact the vendor for remediation guidance. As of publication, the vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Wifi Soft/Wifi Soft Unibox Administrationdescription
- Range: 3.0 and 3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input validation and sanitization of the username field allows SQL injection."
Attack vector
An attacker sends a POST request to `/index.php` with the payload `'or 1=1 limit 1-- -` in the username field, along with any random password and a valid captcha [ref_id=1]. Because the input is not sanitized, the SQL query is altered to always return a valid row, bypassing authentication and granting admin access [ref_id=1]. The attacker must also solve the captcha presented on the login page [ref_id=1].
Affected code
The vulnerable code resides in the login page (`/index.php`) of Wifi Soft Unibox Administration 3.0 and 3.1. The username field is passed directly to the backend database without validation or sanitization [ref_id=1].
What the fix does
No patch is provided in the bundle. The advisory recommends validating and sanitizing user input in the username field before sending it to the backend database [ref_id=1]. Proper parameterized queries or prepared statements would prevent the SQL injection by separating SQL logic from user-supplied data.
Preconditions
- configThe target must be running Wifi Soft Unibox Administration 3.0 or 3.1
- inputThe attacker must solve the captcha presented on the login page
- networkThe attacker must have network access to the login page (/index.php)
Reproduction
Step 1: Visit the login page and confirm the version is 3.0 or 3.1. Step 2: Enter the payload `'or 1=1 limit 1-- -` in the username field and any random password. Step 3: Fill in the captcha and hit login. The attacker is then logged in as an administrator [ref_id=1].
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.