exploitDog

CVE-2023-43013

Опубликовано: 28 сент. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Asset Management System v1.0 is vulnerable to an

unauthenticated SQL Injection vulnerability on the

'email' parameter of index.php page, allowing an

external attacker to dump all the contents of the

database contents and bypass the login control.

Ссылки

https://fluidattacks.com/advisories/nergal
Exploit
Third Party Advisory
https://projectworlds.in/
Product
https://fluidattacks.com/advisories/nergal
Exploit
Third Party Advisory
https://projectworlds.in/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:projectworlds:asset_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 11%

0.00037

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89

Связанные уязвимости

GHSA-4fv5-wjqm-7f2r

CVSS3: 9.8

github

больше 2 лет назад

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

EPSS

Процентиль: 11%

0.00037

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

CWE-89