CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43014 – Asset Management System v1.0 - Authenticated SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2023-43014
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. Asset Management System v1.0 es vulnerable a una vulnerabilidad de inyección SQL autenticada en los parámetros 'first_name' y 'last_name' de la página user.php, lo que permite a un atacante autenticado volcar todo el contenido de la base de datos. • https://fluidattacks.com/advisories/gaahl https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-43013 – Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)
https://notcve.org/view.php?id=CVE-2023-43013
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. Asset Management System v1.0 es vulnerable a una vulnerabilidad de Inyección SQL no autenticada en el parámetro 'email' de la página index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y omitir el control de inicio de sesión. • https://fluidattacks.com/advisories/nergal https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-43144
https://notcve.org/view.php?id=CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. Projectworldsl Assets-management-system-in-php 1.0 es vulnerable a la inyección SQL a través del parámetro "id" en delete.php. • https://github.com/Pegasus0xx/CVE-2023-43144 https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •