← back
CVE-2023-5828

Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System login.aspx sql injection

CVSS 7.3 HIGHEPSS 0.7%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Oct 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L