CVE-2023-43013

Name of the Vulnerable Software and Affected Versions Asset Management System version 1.0

Description The issue concerns an unauthenticated SQL Injection vulnerability. It affects the email parameter of the "index.php" page, allowing an external attacker to dump all database contents and bypass login control.

Recommendations For Asset Management System version 1.0, as a temporary workaround, consider restricting access to the email parameter in the "index.php" page until a patch is available. Additionally, restrict access to the index.php page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.