{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-43013","assignerOrgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","state":"PUBLISHED","assignerShortName":"Fluid Attacks","dateReserved":"2023-09-14T19:53:08.871Z","datePublished":"2023-09-28T21:00:07.125Z","dateUpdated":"2024-09-23T18:49:40.194Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Asset Management System","vendor":"Asset Management System","versions":[{"status":"affected","version":"1.0"}]}],"datePublic":"2023-09-28T20:58:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<div><div>Asset Management System v1.0 is vulnerable to an</div><div>unauthenticated SQL Injection vulnerability on the</div><div>'email' parameter of index.php page, allowing an</div><div>external attacker to dump all the contents of the</div><div>database contents and bypass the login control.</div></div>"}],"value":"Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"84fe0718-d6bb-4716-a7e8-81a6d1daa869","shortName":"Fluid Attacks","dateUpdated":"2023-09-28T21:00:07.125Z"},"references":[{"url":"https://fluidattacks.com/advisories/nergal"},{"url":"https://projectworlds.in/"}],"source":{"discovery":"EXTERNAL"},"title":"Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi)","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:37:23.133Z"},"title":"CVE Program Container","references":[{"url":"https://fluidattacks.com/advisories/nergal","tags":["x_transferred"]},{"url":"https://projectworlds.in/","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-23T18:49:27.671512Z","id":"CVE-2023-43013","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-23T18:49:40.194Z"}}]}}