CVE-2023-43013

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

sset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

References

Link	Resource
https://fluidattacks.com/advisories/nergal	Exploit Third Party Advisory
https://projectworlds.in/	Product
https://fluidattacks.com/advisories/nergal	Exploit Third Party Advisory
https://projectworlds.in/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:projectworlds:asset_management_system:1.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:23

Type	Values Removed	Values Added
References	~~() https://fluidattacks.com/advisories/nergal - Exploit, Third Party Advisory~~	() https://fluidattacks.com/advisories/nergal - Exploit, Third Party Advisory
References	~~() https://projectworlds.in/ - Product~~	() https://projectworlds.in/ - Product

Information

Published : 2023-09-28 21:15

Updated : 2024-11-21 08:23

NVD link : CVE-2023-43013

Mitre link : CVE-2023-43013

CVE.ORG link : CVE-2023-43013

JSON object : View

Products Affected

projectworlds

asset_management_system

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-43013", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-28T21:15:10.037", "references": [{"url": "https://fluidattacks.com/advisories/nergal", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://projectworlds.in/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://fluidattacks.com/advisories/nergal", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://projectworlds.in/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"}, {"lang": "es", "value": "Asset Management System v1.0 es vulnerable a una vulnerabilidad de Inyecci\u00f3n SQL no autenticada en el par\u00e1metro 'email' de la p\u00e1gina index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y omitir el control de inicio de sesi\u00f3n."}], "lastModified": "2024-11-21T08:23:37.430", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:projectworlds:asset_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "656A5C3D-EB26-41B4-8D6A-BE16BE287F05"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}