HIGH🇵🇱 Wersja polska

CVE-2023-31702

CVSS 7.2v3.1pub. 2023-05-17upd. 2025-01-22

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Escanav Escan Management Console

    APP
    Escanav
    14.0.1400.2281
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2024-42919CRITICAL9.8PL ✓ten sam produkt

Błąd kontroli dostępu w eScan Management Console (acteScanAVReport)

CVE-2023-33730CRITICAL9.8ten sam produkt

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 1...

CVE-2023-31703CRITICAL9.0ten sam produkt

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400...

CVE-2023-34835MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...

CVE-2023-34836MEDIUM5.4ten sam produkt

A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allo...