CVE-2023-3522 CRITICAL

CVE-2023-3522: SQLi in a2 License Portal System

Vendor A2
Product License Portal System
Weakness CWE-89 · SQLi
Published August 8, 2023
Last update May 22, 2026
View on NVD All CVEs

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48.

Key dates

02Disclosure timeline

August 8, 2023 CVE published
May 22, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-41375 SQL Injection in Limesurvey CVE-2025-12850 My auctions allegro <= 3.6.32 - Unauthenticated SQL Injection via auction_id CVE-2025-14646 code-projects Student File Management System delete_student.php sql injection CVE-2023-7139 code-projects Client Details System HTTP POST Request regester.php sql injection CVE-2025-5339 Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager <= 4.89 - Unauthenticated Time-Based SQL Injection via ‘bsa_pro_id'