Vulnerabilities > Projectworlds > Asset Management System > 1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-28	CVE-2023-43014	SQL Injection vulnerability in Projectworlds Asset Management System 1.0 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. network low complexity projectworlds CWE-89	8.8
2023-09-28	CVE-2023-43013	SQL Injection vulnerability in Projectworlds Asset Management System 1.0 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. network low complexity projectworlds CWE-89 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.