Lucene search

[email protected]CVE-2023-31702

HistoryMay 17, 2023 - 1:15 p.m.

CVE-2023-31702

2023-05-1713:15:09

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

microworld escan

security vulnerability

command execution

nvd

cve-2023-31702

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

Affected configurations

NVD

Node

escanavescan_management_consoleMatch14.0.1400.2281

CPENameOperatorVersion
escanav:escan_management_consoleescanav escan management consoleeq14.0.1400.2281

CPE	Name	Operator	Version
escanav:escan_management_console	escanav escan management console	eq	14.0.1400.2281

References

packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html

github.com/sahiloj/CVE-2023-31702/blob/main/README.md

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2023-31702

nvd1 zdt1 prion1 cvelist1 packetstorm1 exploitdb1