CVE-2023-43013 Information
Sep 30, 2023
cve
Description
Asset Management System v1.0 is vulnerable to an
unauthenticated SQL Injection vulnerability on the
’email’ parameter of index.php page allowing an
external attacker to dump all the contents of the
database contents and bypass the login control.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://fluidattacks.com/advisories/nergal https://projectworlds.in/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: