CVE-2023-31702
Description
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1.
NVD
Severity: HIGH
CVE ID: CVE-2023-31702
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
sahiloj
Authenticated SQL Injection to RCE on database server in eScan Management Console
Reference: GitHub
Content on GitHub
2019000102494 | watchers:0
CVE-2023-31702
test-send-CVE
Reference: GitHub