CVE-2023-43144

CRITICAL

Assets-management-system-in-php 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43144. PoCs published by Pegasus0xx.

AI-analyzed exploit summary The repository demonstrates a SQL injection vulnerability in Assets Management System 1.0 via the `id` parameter in `delete.php`. The PoC uses `sqlmap` to exploit the lack of input validation, confirming the vulnerability.

Description

Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.

Exploits (1)

nomisec WORKING POC

by Pegasus0xx · poc

https://github.com/Pegasus0xx/CVE-2023-43144

View Code ZIP pw:eip

The repository demonstrates a SQL injection vulnerability in Assets Management System 1.0 via the `id` parameter in `delete.php`. The PoC uses `sqlmap` to exploit the lack of input validation, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Assets Management System 1.0

Auth required

Prerequisites: Access to the target application · Valid PHPSESSID cookie

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking

https://github.com/projectworldsofficial/Assets-management-system-in-php/issues/2

Scores

CVSS v3 9.8

EPSS 0.0091

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

projectworlds/asset_management_system_project_in_php 1.0

Published Sep 22, 2023

Tracked Since Feb 18, 2026