Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Asset Management System
CVE-2023-43014 (GCVE-0-2023-43014)
Vulnerability from cvelistv5 – Published: 2023-09-28 21:04 – Updated: 2024-09-23 18:48
VLAI?
Title
Asset Management System v1.0 - Authenticated SQL Injection (SQLi)
Summary
Asset Management System v1.0 is vulnerable to
an Authenticated SQL Injection vulnerability
on the 'first_name' and 'last_name' parameters
of user.php page, allowing an authenticated
attacker to dump all the contents of the database
contents.
Severity ?
8.8 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Asset Management System | Asset Management System |
Affected:
1.0
|
Date Public ?
2023-09-28 21:01
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:22.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/gaahl"
},
{
"tags": [
"x_transferred"
],
"url": "https://projectworlds.in/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43014",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:48:30.627681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:48:41.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Asset Management System",
"vendor": "Asset Management System",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2023-09-28T21:01:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eAsset Management System v1.0 is vulnerable to\u003c/div\u003e\u003cdiv\u003ean Authenticated SQL Injection vulnerability\u003c/div\u003e\u003cdiv\u003eon the \u0027first_name\u0027 and \u0027last_name\u0027 parameters\u003c/div\u003e\u003cdiv\u003eof user.php page, allowing an authenticated\u003c/div\u003e\u003cdiv\u003eattacker to dump all the contents of the database\u003c/div\u003e\u003cdiv\u003econtents.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Asset Management System v1.0 is vulnerable to\n\nan Authenticated SQL Injection vulnerability\n\non the \u0027first_name\u0027 and \u0027last_name\u0027 parameters\n\nof user.php page, allowing an authenticated\n\nattacker to dump all the contents of the database\n\ncontents.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T21:04:11.974Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/gaahl"
},
{
"url": "https://projectworlds.in/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Asset Management System v1.0 - Authenticated SQL Injection (SQLi)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-43014",
"datePublished": "2023-09-28T21:04:11.974Z",
"dateReserved": "2023-09-14T19:53:08.871Z",
"dateUpdated": "2024-09-23T18:48:41.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43013 (GCVE-0-2023-43013)
Vulnerability from cvelistv5 – Published: 2023-09-28 21:00 – Updated: 2024-09-23 18:49
VLAI?
Title
Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)
Summary
Asset Management System v1.0 is vulnerable to an
unauthenticated SQL Injection vulnerability on the
'email' parameter of index.php page, allowing an
external attacker to dump all the contents of the
database contents and bypass the login control.
Severity ?
9.8 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Asset Management System | Asset Management System |
Affected:
1.0
|
Date Public ?
2023-09-28 20:58
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:37:23.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/nergal"
},
{
"tags": [
"x_transferred"
],
"url": "https://projectworlds.in/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43013",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-23T18:49:27.671512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-23T18:49:40.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Asset Management System",
"vendor": "Asset Management System",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2023-09-28T20:58:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eAsset Management System v1.0 is vulnerable to an\u003c/div\u003e\u003cdiv\u003eunauthenticated SQL Injection vulnerability on the\u003c/div\u003e\u003cdiv\u003e\u0027email\u0027 parameter of index.php page, allowing an\u003c/div\u003e\u003cdiv\u003eexternal attacker to dump all the contents of the\u003c/div\u003e\u003cdiv\u003edatabase contents and bypass the login control.\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n\u0027email\u0027 parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-28T21:00:07.125Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"url": "https://fluidattacks.com/advisories/nergal"
},
{
"url": "https://projectworlds.in/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-43013",
"datePublished": "2023-09-28T21:00:07.125Z",
"dateReserved": "2023-09-14T19:53:08.871Z",
"dateUpdated": "2024-09-23T18:49:40.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}