nvd-json-data-feeds/CVE-2023/CVE-2023-430xx/CVE-2023-43013.json

{
  "id": "CVE-2023-43013",
  "sourceIdentifier": "help@fluidattacks.com",
  "published": "2023-09-28T21:15:10.037",
  "lastModified": "2023-09-29T04:19:01.990",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "help@fluidattacks.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "help@fluidattacks.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://fluidattacks.com/advisories/nergal",
      "source": "help@fluidattacks.com"
    },
    {
      "url": "https://projectworlds.in/",
      "source": "help@fluidattacks.com"
    }
  ]
}
Auto-Update: 2023-09-28T22:00:25.512017+00:00 2023-09-28 22:00:29 +00:00			`{`
			`"id": "CVE-2023-43013",`
			`"sourceIdentifier": "help@fluidattacks.com",`
			`"published": "2023-09-28T21:15:10.037",`
Auto-Update: 2023-09-29T06:00:24.686342+00:00 2023-09-29 06:00:28 +00:00			`"lastModified": "2023-09-29T04:19:01.990",`
			`"vulnStatus": "Undergoing Analysis",`
Auto-Update: 2023-09-28T22:00:25.512017+00:00 2023-09-28 22:00:29 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Asset Management System v1.0 is vulnerable to an\n\nunauthenticated SQL Injection vulnerability on the\n\n'email' parameter of index.php page, allowing an\n\nexternal attacker to dump all the contents of the\n\ndatabase contents and bypass the login control.\n\n\n\n"`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "help@fluidattacks.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 9.8,`
			`"baseSeverity": "CRITICAL"`
			`},`
			`"exploitabilityScore": 3.9,`
			`"impactScore": 5.9`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "help@fluidattacks.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-89"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://fluidattacks.com/advisories/nergal",`
			`"source": "help@fluidattacks.com"`
			`},`
			`{`
			`"url": "https://projectworlds.in/",`
			`"source": "help@fluidattacks.com"`
			`}`
			`]`
			`}`