CVE-2023-31702

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in MicroWorld eScan Management Console allows remote attackers to execute arbitrary SQL commands via the GetUserCurrentPwd parameter. Successful exploitation can lead to complete database compromise and potentially remote code execution on the database server. Organizations running the affected eScan Management Console version are at risk.

💻 Affected Systems

Products:
  • MicroWorld eScan Management Console
Versions: 14.0.1400.2281
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the web interface component of the management console. Database server OS mentioned in references is Windows XP, but the vulnerability affects the management console application itself.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise with sensitive data exfiltration, followed by remote code execution on the database server leading to full system takeover and lateral movement within the network.

🟠 Likely Case

Database information disclosure including user credentials, configuration data, and potentially sensitive organizational information stored in the eScan database.

🟢 If Mitigated

Limited impact with proper input validation and database permissions preventing command execution, though SQL injection may still reveal some database information.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code and detailed analysis are available. The vulnerability requires no authentication and is simple to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Contact MicroWorld support for updated version information and security patches.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Platform: all

Implement WAF rules to block SQL injection patterns targeting the GetUserCurrentPwd parameter

Input Validation Filter

Platform: Windows

Add input validation to sanitize the UsrId parameter before processing

🧯 If You Can't Patch

  • Isolate the eScan Management Console from internet access and restrict network access to authorized IPs only
  • Implement database-level controls: use least privilege accounts, disable xp_cmdshell, and enable SQL Server auditing

🔍 How to Verify

Check if Vulnerable:

Test the endpoint with SQL injection payloads: /GetUserCurrentPwd?UsrId=1' OR '1'='1

Check Version:

Check eScan Management Console version in application interface or installation directory

Verify Fix Applied:

Test with the same payloads after remediation; a successful fix should return an error or no data instead of executing the injected SQL

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts or parameter manipulation in web logs
  • Unexpected command execution events on database server

Network Indicators:

  • HTTP requests to GetUserCurrentPwd with SQL injection patterns
  • Unusual outbound database connections or data exfiltration

SIEM Query:

source="web_logs" AND uri="/GetUserCurrentPwd" AND (param="UsrId" AND value MATCH "[';]|OR|UNION|SELECT")
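The SIEM rule above expressed as offline log triage, added here as an example and not part of the original page or the vendor's tooling. It parses Common Log Format access lines (the sample lines below are constructed), URL-decodes the UsrId value of requests to /GetUserCurrentPwd, and flags values that contain a quote, a semicolon or a SQL keyword; the log format and field layout are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (not real traffic); two carry SQLi-style UsrId values.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2023:10:01:02 +0000] "GET /GetUserCurrentPwd?UsrId=42 HTTP/1.1" 200 180
10.0.0.9 - - [12/May/2023:10:01:05 +0000] "GET /GetUserCurrentPwd?UsrId=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 2310
10.0.0.9 - - [12/May/2023:10:01:07 +0000] "GET /GetUserCurrentPwd?UsrId=1+UNION+SELECT+1,2,3-- HTTP/1.1" 500 90
10.0.0.7 - - [12/May/2023:10:02:00 +0000] "GET /login?user=admin HTTP/1.1" 200 512
"""

# Common Log Format (assumed): client IP, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Same pattern as the SIEM query: quote or semicolon, or a SQL keyword as a whole word.
SQLI_RE = re.compile(r"[';]|\b(?:OR|UNION|SELECT)\b", re.IGNORECASE)


def decode_usrid(target):
    """Return the decoded UsrId value for a /GetUserCurrentPwd request, else None."""
    parts = urlsplit(target)
    if parts.path.rstrip("/").lower() != "/getusercurrentpwd":
        return None
    # Split the query by hand so a ';' inside the value is kept rather than treated as a separator.
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if unquote_plus(key) == "UsrId":
            return unquote_plus(value)  # decodes %27 -> ' and + -> space before matching
    return None


def find_sqli_attempts(log_text):
    """Return (client_ip, http_status, decoded_UsrId) for every request whose UsrId matches SQLI_RE."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        value = decode_usrid(m.group("target"))
        if value is not None and SQLI_RE.search(value):
            hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in find_sqli_attempts(SAMPLE_LOG):
        print(f"ALERT {ip} status={status} UsrId={value!r}")
```

Because a legitimate UsrId is expected to be numeric, a stricter variant can alert on any non-digit value; the keyword match shown keeps parity with the SIEM rule.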
