CVE-2023-31702

HIGH

MicroWorld eScan Management Console <14.0.1400.2281 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-31702. PoCs published by Sahil Ojha, sahiloj.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in eScan Management Console 14.0.1400.2281. It provides steps to reproduce the issue, including a time-based SQLi payload for the 'UsrId' parameter.

Description

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

Exploits (2)

exploitdb WRITEUP

by Sahil Ojha · textwebappswindows

https://www.exploit-db.com/exploits/51466

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in eScan Management Console 14.0.1400.2281. It provides steps to reproduce the issue, including a time-based SQLi payload for the 'UsrId' parameter.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: eScan Management Console 14.0.1400.2281

Auth required

Prerequisites: Valid credentials for the eScan Management Console · Access to the target URL

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP 2 stars

by sahiloj · poc

https://github.com/sahiloj/CVE-2023-31702

View Code ZIP pw:eip

This repository provides a detailed writeup for CVE-2023-31702, an authenticated SQL injection vulnerability in eScan Management Console 14.0.1400.2281. It includes steps to reproduce the vulnerability and confirms the ability to execute OS commands via SQL injection.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MicroWorld Technologies eScan Management Console 14.0.1400.2281

Auth required

Prerequisites: Valid credentials for the eScan Management Console · Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/172545/eScan-Management-Console-14.0.1400.2281-SQL-Injection.html

Exploit, Third Party Advisory

https://github.com/sahiloj/CVE-2023-31702/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 7.2

EPSS 0.0431

EPSS Percentile 89.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

escanav/escan_management_console 14.0.1400.2281

Published May 17, 2023

Tracked Since Feb 18, 2026