CVE-2023-53734

Vulnerability

Analysis

The dawa-pharma-1.0 application, a pharmacy billing software developed by MayuriK, contains a critical SQL injection vulnerability in the login functionality. The email parameter is not properly sanitized before being used in SQL queries, allowing an unauthenticated attacker to inject arbitrary SQL commands [1][3]. Proof-of-concept payloads demonstrate both boolean-based blind and time-based blind injection techniques, including the use of MySQL's load_file function to exfiltrate data via out-of-band channels [3][4].

Exploitation

An attacker can exploit this vulnerability by sending a crafted POST request to the login endpoint with a malicious email parameter. No authentication is required, as the injection occurs during the login process itself [3]. The provided payloads show that the attacker can use boolean-based blind injection (e.g., -8698' OR 5305=5305-- vvuH) or time-based blind injection (e.g., using SLEEP(15)) to extract information from the database [3][4]. The use of load_file with a UNC path also enables out-of-band data exfiltration to an attacker-controlled server [3].

Impact

Successful exploitation allows an attacker to retrieve all client information stored in the application's database, including potentially sensitive personal and medical data. Furthermore, the attacker may be able to extract credentials or other sensitive information that could lead to administrative access to the server [3][4]. The vulnerability is rated as HIGH severity due to the lack of authentication required and the potential for complete compromise of the application's data.

Mitigation

As of the publication date (2025-12-04), no official patch has been released by the vendor. Users of dawa-pharma-1.0 are advised to implement input validation and parameterized queries for the email parameter, or to discontinue use of the software until a fix is available. The vulnerability has been publicly disclosed with proof-of-concept code, increasing the risk of exploitation [3][4].