CVE-2023-31702

Published
View on NVD ↗
CVSS v3
7.2
HIGH
CVSS v2
N/A
Affected
1
PROJECT

Description

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

sahiloj/CVE-2023-31702
sahiloj/CVE-2023-31702
CVE-2023-31702 | eScan Management Console 14.0.1400.2281 | Authenticated SQL injection in the "View User Profile" allows attackers to dump the database and gain command shell access on the server via `GetUserCurrentPwd?UsrId=1`.
GitHubGitHub
2