PT-2023-28665 · Unknown · Asset Management System

Andres Roldan · Published 2023-09-28 · Updated 2023-12-12 · CVE-2023-43014

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Asset Management System version 1.0

Description

The issue is an Authenticated SQL Injection vulnerability that affects the first name and last name parameters of the user.php page. This allows an authenticated attacker to dump all the contents of the database.

Recommendations

For Asset Management System version 1.0, consider disabling the first name and last name parameters in the user.php page as a temporary workaround until a patch is available. Restrict access to the user.php page to minimize the risk of exploitation. Avoid using the first name and last name parameters in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-43014

Affected Products

Asset Management System