sahiloj/CVE-2023-31702

Releases0

Stars2

CVE-2023-31702 | eScan Management Console 14.0.1400.2281 | Authenticated SQL injection in the "View User Profile" allows attackers to dump the database and gain command shell access on the server via `GetUserCurrentPwd?UsrId=1`.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-31702 ↗	May 17, 2023Wednesday, 17 May 2023, 13:15	7.2 HIGH	—
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.