{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43013", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "state": "PUBLISHED", "assignerShortName": "Fluid Attacks", "dateReserved": "2023-09-14T19:53:08.871Z", "datePublished": "2023-09-28T21:00:07.125Z", "dateUpdated": "2024-09-23T18:49:40.194Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Asset Management System", "vendor": "Asset Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "datePublic": "2023-09-28T20:58:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>Asset Management System v1.0 is vulnerable to an</div><div>unauthenticated SQL Injection vulnerability on the</div><div>'email' parameter of index.php page, allowing an</div><div>external attacker to dump all the contents of the</div><div>database contents and bypass the login control.</div></div>"}], "value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2023-09-28T21:00:07.125Z"}, "references": [{"url": "https://fluidattacks.com/advisories/nergal"}, {"url": "https://projectworlds.in/"}], "source": {"discovery": "EXTERNAL"}, "title": "Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:37:23.133Z"}, "title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/nergal", "tags": ["x_transferred"]}, {"url": "https://projectworlds.in/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-23T18:49:27.671512Z", "id": "CVE-2023-43013", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T18:49:40.194Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://fluidattacks.com/advisories/nergal", "tags": ["x_transferred"]}, {"url": "https://projectworlds.in/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:37:23.133Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43013", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-23T18:49:27.671512Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-23T18:49:32.384Z"}}], "cna": {"title": "Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Asset Management System", "product": "Asset Management System", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unaffected"}], "datePublic": "2023-09-28T20:58:00.000Z", "references": [{"url": "https://fluidattacks.com/advisories/nergal"}, {"url": "https://projectworlds.in/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "<div><div>Asset Management System v1.0 is vulnerable to an</div><div>unauthenticated SQL Injection vulnerability on the</div><div>'email' parameter of index.php page, allowing an</div><div>external attacker to dump all the contents of the</div><div>database contents and bypass the login control.</div></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "shortName": "Fluid Attacks", "dateUpdated": "2023-09-28T21:00:07.125Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43013", "state": "PUBLISHED", "dateUpdated": "2024-09-23T18:49:40.194Z", "dateReserved": "2023-09-14T19:53:08.871Z", "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869", "datePublished": "2023-09-28T21:00:07.125Z", "assignerShortName": "Fluid Attacks"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:projectworlds:asset_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "656A5C3D-EB26-41B4-8D6A-BE16BE287F05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"}, {"lang": "es", "value": "Asset Management System v1.0 es vulnerable a una vulnerabilidad de Inyecci\u00f3n SQL no autenticada en el par\u00e1metro 'email' de la p\u00e1gina index.php, lo que permite a un atacante externo volcar todo el contenido de la base de datos y omitir el control de inicio de sesi\u00f3n."}], "id": "CVE-2023-43013", "lastModified": "2024-11-21T08:23:37.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "help@fluidattacks.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-28T21:15:10.037", "references": [{"source": "help@fluidattacks.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/nergal"}, {"source": "help@fluidattacks.com", "tags": ["Product"], "url": "https://projectworlds.in/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://fluidattacks.com/advisories/nergal"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://projectworlds.in/"}], "sourceIdentifier": "help@fluidattacks.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "help@fluidattacks.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}