CVE-2023-4034 CRITICAL

CVE-2023-4034: SQLi in Smartrise Document Management System

Vendor Digita Information Technology
Product Smartrise Document Management System
Weakness CWE-89 · SQLi
Published September 5, 2023
Last update May 21, 2026
View on NVD All CVEs

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection. This issue affects Smartrise Document Management System: before Hvl-2.0.

Key dates

02Disclosure timeline

September 5, 2023 CVE published
May 21, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-46823 WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection CVE-2023-6765 SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection CVE-2023-30867 Apache StreamPark (incubating): Authenticated system users could trigger SQL injection vulnerability CVE-2021-43830 SQL injection in OpenProject CVE-2025-9759 Campcodes/SourceCodester Courier Management System ajax.php signup sql injection