CVE-2023-28701

CRITICAL

9.8

Description

ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie6/2/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

elite:webfax

Faiblesses (CWE)

CWE-89

References

https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-7145-1a0d4-1.html(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.