{
  "id": "CVE-2023-39849",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-08-15T22:15:13.937",
  "lastModified": "2023-08-17T07:15:43.463",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "** DISPUTED ** Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \\inc\\function.php. NOTE: this is disputed by multiple third parties who report that the only role of Pikachu is to intentionally implement vulnerabilities for learning purposes; it is never employed for delivering services or functionality to end users."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/KLSEHB/vulnerability-report/blob/main/Pikachu_CVE-2023-39849",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/zhuifengshaonianhanlu/pikachu",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/zhuifengshaonianhanlu/pikachu/blob/master/README.md",
      "source": "cve@mitre.org"
    }
  ]
}