← back
CVE-2023-28701

ELITE Web Fax - SQL Injection

CVSS 9.8 CRITICALEPSS 0.9%CWE-89
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
02 Jun 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
ELITE · Web Fax