
CVE-2023-31702

Description

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1.

NVD
Severity: HIGH
CVE ID: CVE-2023-31702
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

sahiloj

Authenticated SQL Injection to RCE on database server in eScan Management Console

Reference: GitHub

Content on GitHub

2019000102494 | watchers:0

CVE-2023-31702
test-send-CVE

Reference: GitHub