Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-43013

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

Published

2023-09-28T21:15:10.037

Last Modified

2024-11-21T08:23:37.430

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89
Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	projectworlds	asset_management_system	1.0	Yes

References

https://fluidattacks.com/advisories/nergal Exploit, Third Party Advisory ([email protected])
https://projectworlds.in/ Product ([email protected])
https://fluidattacks.com/advisories/nergal Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://projectworlds.in/ Product (af854a3a-2127-422b-91ae-364da2661108)