exploitDog

CVE-2023-31702

Опубликовано: 17 мая 2023

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

Ссылки

http://packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html
Exploit
Third Party Advisory
https://github.com/sahiloj/CVE-2023-31702/blob/main/README.md
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html
Exploit
Third Party Advisory
https://github.com/sahiloj/CVE-2023-31702/blob/main/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:escanav:escan_management_console:14.0.1400.2281:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01794

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-m6fg-whf5-7h4f

CVSS3: 7.2

github

больше 2 лет назад

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

EPSS

Процентиль: 82%

0.01794

Низкий

7.2 High

CVSS3

Дефекты

CWE-89

CWE-89